Single Sign-On & Identity Provider

In order to personalize the experience of the audience, broadcasters need to uniquely identify a user across platforms (Web, Mobile, TV, Radio) while carefully respecting his privacy. PEACH provides a Single Sign-On and Identity Provider, which takes care of the management of the user accounts, namely profile, as well as authentication and authorizations.

The implementation of PEACH single sign-on already includes many features listed below, and is constantly enhanced and improved.

Authentication

Features overview

Features Technical Notes
User Account
Creation Account creation with username, password and captcha integration
E-Mail verification Sending e-mails for verification of accounts
Password recovery Password recovery through e-mail password reset
Account deletion Account deletion with password verification
Generic profile information Add generic profile information such as names, birthday, language etc.
Authentication
Simple authentication Authenticate using username and password on a web form
Identity federation Allow authentication with third parties such as Facebook, Twitter login
Single sign-on
Transparent on same domain servers Using a HTTP-only cookie, users are automatically authenticated on the domains and subdomains of the identity provider.
Limited Input Devices Displays a code and a URL on the device in order to link the device with the user's profile. (ETSI TS 103 407)
Client side applications Retrieves a token on a client-side applications using the OAuth2.0 - Implicit Grant, which can be used for API calls on authorized services.
Server side applications Retrieves a token on the server-side, which authorizes the server to act on behalf of the user. (OAuth2.0 - Authorization Code Grant)
Simple API login Retrieves a token in exchange of a valid username and password. (OAuth2.0 - Resource Owner Credentials Grant)
Layout
Templating Templates for customization and branding for site pages and e-mails messages
Translation Built-in multi-language support and translation module

Customization & Branding

Branding on the single sign-on pages is important to make users feel and trust that the authentication service belongs to the right organization. PEACH's Single Sign-On and Identity Provider project support branding of the pages as well as the e-mails sent out to the users. Below is an example of the implementation of RTS.

RTS Branded Identity Provider