Introduce the SSO in Office 365 Applications

Overview of Single Sign-on

sso-slution-for-office365-apps

The whole process of SSO solutions is above. When a user access another web app using the same Identity Provider, the step 4 and step 5 will not be required (user do not need to fill the user name and password again).

Let’s take the SharePoint Online as an example, if a user wants to access the resource on https://domain-name.sharepoint.com/officedev.

sharepoint-signin-process

[1] go to https://domain-name.sharepoint.com/officedev

[2] redirect to /Authenticate.aspx?Source=/officedev

[3] go to /Authenticate.aspx?Source=/officedev

[4] redirect to /_forms/default.aspx?ReturnUrl=/officedev/_layouts/15/Authenticate.aspx?Source=/officedev&Source=cookie

[5] go to /_forms/default.aspx?ReturnUrl=/officedev/_layouts/15/Authenticate.aspx?Source=/officedev&Source=cookie

[6] redirect to https://login.microsoftonline.com/login.srf?wa=wsignin1.0\&rpsnv=4\&ct=1459338000\&rver=6.1.6206.0\&wp=MBI\&wreply=https://domain-name.sharepoint.com/\_forms/default.aspx?apr=1\&lc=1033\&id=500046\&guests=1\&client-request-id=f9976d9d-601d-3000-1639-df

[7] go to https://login.microsoftonline.com/login.srf?wa=wsignin1.0\&rpsnv=4\&ct=1459338000\&rver=6.1.6206.0\&wp=MBI\&wreply=https://domain-name.sharepoint.com/\_forms/default.aspx?apr=1\&lc=1033\&id=500046\&guests=1\&client-request-id=f9976d9d-601d-3000-1639-df

[8] response with the login page

[9] submit the user name and password to login

[10] response a html page which will post a request in javascript.

[11] post to https://domain-name.sharepoint.com/\_forms/default.aspx?apr=1\&wa=wsignin1 [body: signed ticket]

[12] response to set the auth cookie [FedAuth] and redirect to /officedev/_layouts/15/Authenticate.aspx?Source=%2Fofficedev

[13] go to /officedev/_layouts/15/Authenticate.aspx?Source=/officedev [with cookie FedAuth]

[14] response: redirect to https://domain-name.sharepoint.com/officedev

[15] go to https://domain-name.sharepoint.com/officedev