
SAML Proxy Page - IdP Settings


Note: Gigya as SAML IdP is a premium Gigya platform that requires separate activation and utilizes Gigya's Registration-as-a-Service (RaaS). If these are not yet a part of your existing site package, please contact Gigya Support via the Support link in the top menu of your Console Dashboard or email support@gigya.com.

SAML is not supported natively in iOS but does work in WebView.

Gigya SAML Proxy Page

This is a static HTML page that the partner places on their site in order to use Gigya SAML IdP.
This page should include Gigya's SAML enabling script, located at https://cdns.gigya.com/js/gigya.saml.js. The script accepts your API key as a parameter and takes care of creating the SAML assertions.

The proxy page holds two parameters: the partner SAML login page URL and logout page URL.

<script src="https://cdns.gigya.com/js/gigya.saml.js?apiKey=<your API key>">
    {
        loginURL:"https://my.example.com/login.html",
        logoutURL: "https://my.example.com/logout.html"
    }
</script>

loginURL

The loginURL is a page that initiates a call to Gigya's login method. The call should be made with an onLogin event handler that calls continueSSO.
When login is IdP initiated, initSSO/continueSSO should be provided an SP name as defined in the IdP configuration.

A sample loginURL page:

<head>
    <!-- Load gigya.js over HTTPS: this page handles the user's login -->
    <script type="text/javascript" src="https://cdns.gigya.com/js/gigya.js?apiKey=<your API key>"></script>
</head>
<body>
    <div id="container"></div>
    <script>
        // Once the user has logged in, hand control back to the SAML flow
        gigya.socialize.addEventHandlers({
            onLogin: function() {
                gigya.fidm.saml.continueSSO();
            }
        });

        // Render the login screen-set inside the container div
        gigya.accounts.showScreenSet({
            screenSet: 'Default-RegistrationLogin',
            containerID: "container",
            sessionExpiration: '20000'
        });
    </script>
</body>

 

Placeholders

In the loginURL you can include a placeholder for the SP name, ${spName}, which you can use to customize landing pages for different SPs within your account. You can display different information as well as perform different actions depending upon the spName returned.

A code example:

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title>Saml Proxy page</title>
    <script src="https://cdns.gigya.com/js/gigya.saml.js?apiKey=<your API key>">
    {  // Global Config object
        loginURL: 'https://my.example.com/login.html?currentSP=${spName}',
        logoutURL: 'https://my.example.com/logout.html'
    }
    </script>
</head>
<body>
</body>
</html>

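You can then pull the spName from the URL using JavaScript (or directly from the query string via PHP $_GET or similar). Because the value arrives in the query string, anyone can change it; compare it against the SP names you expect before acting on it.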

Example code using the above Global Config object with PHP:

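<?php
// currentSP comes from the query string, so it is untrusted input:
// it is only compared against known SP names and never echoed back.
if ( isset( $_GET['currentSP'] ) && is_string( $_GET['currentSP'] ) ) {
	$spName = $_GET['currentSP'];
} else {
	$spName = '';
}
// Strict comparison against the expected SP names; anything else gets the default.
if ($spName === 'siteOne') {
	$pageTitle = "Site-One";
}
else if ($spName === 'siteTwo') {
	$pageTitle = "Site-Two";
}
else {
	$pageTitle = "Default Title";
}
?>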
<html>
<head>
<title><?php echo $pageTitle; ?></title>
</head>
<body>
...
</body>
</html>
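
The same per-SP selection done client-side in JavaScript, as an added example that is not Gigya's code. It uses the siteOne/siteTwo sample names from the PHP snippet above; the function and constant names (resolveSpPage, SP_PAGES, DEFAULT_PAGE) are hypothetical.

```javascript
// Added example: allowlist lookup for the currentSP query parameter.
// SP names and titles are this page's sample values; all other names are hypothetical.
const SP_PAGES = new Map([
  ['siteOne', { title: 'Site-One' }],
  ['siteTwo', { title: 'Site-Two' }],
]);
const DEFAULT_PAGE = { title: 'Default Title' };

// Takes location.search (e.g. "?currentSP=siteOne") and returns
// { spName, title }. spName is null unless the value is a known SP.
function resolveSpPage(search) {
  const values = new URLSearchParams(search).getAll('currentSP');

  // A repeated parameter is ambiguous: fall back to the default
  // rather than guessing which copy is genuine.
  if (values.length !== 1) {
    return { spName: null, title: DEFAULT_PAGE.title };
  }

  // Map.get only matches keys inserted above, so values such as
  // "constructor" or "__proto__" cannot resolve to an inherited
  // property the way they would with a plain-object lookup.
  const candidate = values[0];
  const page = SP_PAGES.get(candidate);
  if (!page) {
    // Covers unknown names, markup, and an unsubstituted "${spName}".
    return { spName: null, title: DEFAULT_PAGE.title };
  }
  return { spName: candidate, title: page.title };
}

// Browser wiring: only allowlisted constants reach the page,
// never the raw query-string value.
if (typeof document !== 'undefined') {
  document.title = resolveSpPage(window.location.search).title;
}
```
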


See the IdP SSO and SLO flows for a description of what the page does.

logoutURL

The logoutURL is a page that is opened within a hidden iframe after the user is logged out, where you can run additional logout logic, such as removal of any site-specific session cookies.

There is no identifiable information passed to this page via Gigya, e.g., UID, since the user is already logged out. Scripts on this page should run when the page loads and not rely on any specific user.

 

A sample logoutURL page:

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/javascript" src="https://cdns.gigya.com/js/gigya.js?apiKey=<Your-API-Key>">
</script>
</head>
<body>
    <div id="container">please wait...</div>
<script>
	function afterLogout() {      
		// Handle removal/deletion of any session cookies
		// Define any additional logic to perform on the logged out user's browser
	}
    afterLogout();
</script>
</body>
</html>

 

 
