Single Sign-On & Identity Provider
In order to personalize the experience of the audience, broadcasters need to uniquely identify a user across platforms (Web, Mobile, TV, Radio) while respecting the user's privacy. PEACH provides a Single Sign-On and Identity Provider, which takes care of the management of the user accounts, namely profile, as well as authentication and authorizations.
The implementation of PEACH single sign-on already includes many features listed below, and is constantly enhanced and improved.
|Creation||Account creation with username, password and captcha integration|
|E-Mail verification||Sending e-mails for verification of accounts|
|Password recovery||Password recovery through e-mail password reset|
|Account deletion||Account deletion with password verification|
|Generic profile information||Add generic profile information such as names, birthday, language etc.|
|Simple authentication||Authenticate using username and password on a web form|
|Identity federation||Allow authentication with third parties such as Facebook, Twitter login|
|Transparent on same domain servers||Using a HTTP-only cookie, users are automatically authenticated on the domains and subdomains of the identity provider.|
|Limited Input Devices||Displays a code and a URL on the device in order to link the device with the user's profile. (ETSI TS 103 407)|
|Client side applications||Retrieves a token on a client-side applications using the OAuth2.0 - Implicit Grant, which can be used for API calls on authorized services.|
|Server side applications||Retrieves a token on the server-side, which authorizes the server to act on behalf of the user. (OAuth2.0 - Authorization Code Grant)|
|Simple API login||Retrieves a token in exchange of a valid username and password. (OAuth2.0 - Resource Owner Credentials Grant)|
|Templating||Templates for customization and branding for site pages and e-mails messages|
|Translation||Built-in multi-language support and translation module|
Customization & Branding
Branding on the single sign-on pages is important to make users feel and trust that the authentication service belongs to the right organization. PEACH's Single Sign-On and Identity Provider project support branding of the pages as well as the e-mails sent out to the users. Below is an example of the implementation of RTS.