Single Signon

This section explains how to enable Single Signon for an ONAP Portal SDK Application.

Issue-ID: PORTAL-216
Change-Id: Iea8ac4ebf724764f14cd0a6d11ff6f31f0f76cf8
Signed-off-by: abdelseaudi <abdelmuhaimen.seaudi@orange.com>

2 files changed, 49 insertions, 0 deletions

diff --git a/docs/tutorials/portal-sdk/index.rst b/docs/tutorials/portal-sdk/index.rst
index 023fc622..4d20ffd3 100644
--- a/docs/tutorials/portal-sdk/index.rst
+++ b/docs/tutorials/portal-sdk/index.rst
@@ -19,5 +19,6 @@ Building ONAP Portal SDK Web Applications
 	pulling-db-data
 	google-charts
 	dynamic-content
+	single-signon
 	wrapping-up
 
diff --git a/docs/tutorials/portal-sdk/single-signon.rst b/docs/tutorials/portal-sdk/single-signon.rst
new file mode 100644
index 00000000..fb490a77
--- /dev/null
+++ b/docs/tutorials/portal-sdk/single-signon.rst
@@ -0,0 +1,48 @@
+Enabling Single-Signon
+======================
+
+This tutorial explains the Single-Signon of ONAP Portal, and how to enable it in our sample application.
+
+When a user logs in using the ONAP Portal Login, a cookie is created to record the logged-in session,
+and it includes the username and other parameters.
+
+In our tutorial app so far we used "http://app-host:port/epsdk-app-os/login.htm" to login into the application.
+
+This is called the external login, which is used a backdoor for developers to test the applications
+in a local environment, without having the entire Portal.
+
+Now, when the application is ready and onboarded on to the Portal, we can now use
+"http://app_host:port/epsdk-app-os/welcome.htm" as the application onboarding URL in ONAP Portal.
+
+Onboarding steps can be found here
+https://wiki.onap.org/display/DW/Application+Onboarding#ApplicationOnboarding-addapp.
+
+The welcome.htm page code will try to read the session cookie from the browser to detect if there is
+a user that's already logged-in into the ONAP Portal.
+
+If a cookie is found, then this means a user is already logged-in to the  ONAP Portal and
+the application welcome.htm page will display showing the application frontend in a tab inside ONAP Portal.
+
+However, if a cookie is not found, the code will look for the redirect URL listed in the
+WEB-INFO/classes/portal.properties file.
+
+Assuming the ecomp_redirect_url = http://portal.api.simpledemo.onap.org:8989/ONAPPORTAL/login.htm
+for Amsterdam release, then, the user will be redirected to the ONAP Portal login page to log in.
+
+If the user login succeeds, the Portal login page will redirect the user back to the Application
+welcome page.
+
+This should enable the application to  use the Portal’s Single Signon.
+
+Note that the ONAP Portal and its on-boarded application must be on the same domain
+(e.g. *.simpledemo.onap.org) to take advantage of the Single Signon.
+
+Otherwise, if the application is hosted in a different domain, its code will not be able to read ONAP
+Portal session cookies.
+
+Due to security reasons the ONAP Portal restricts to one domain (defined in the properties) across
+the applications on-boarded to it.
+
+However, if the application is not interested in single signon feature, then the new application can
+be always be on-boarded as a “Hyperlink only application” which will be opened into a new browser
+rather than the internal Portal’s tab.