Single Sign-On & Identity Provider
In order to personalize the experience of the audience, broadcasters need to uniquely identify a user across platforms (Web, Mobile, TV, Radio) while respecting the user's privacy. PEACH provides a Single Sign-On and Identity Provider, which takes care of the management of the user accounts, namely profile, as well as authentication and authorizations.
The implementation of PEACH single sign-on already includes many features listed below, and is constantly enhanced and improved.
Features overview
| Features | Technical Notes |
|---|---|
| User Account | |
| Creation | Account creation with username, password and captcha integration |
| E-Mail verification | Sending e-mails for verification of accounts |
| Password recovery | Password recovery through e-mail password reset |
| Account deletion | Account deletion with password verification |
| Generic profile information | Add generic profile information such as names, birthday, language etc. |
| Authentication | |
| Simple authentication | Authenticate using username and password on a web form |
| Identity federation | Allow authentication with third parties such as Facebook, Twitter login |
| Single sign-on | |
| Transparent on same domain servers | Using a HTTP-only cookie, users are automatically authenticated on the domains and subdomains of the identity provider. |
| Limited Input Devices | Displays a code and a URL on the device in order to link the device with the user's profile. (ETSI TS 103 407) |
| Client side applications | Retrieves a token on a client-side applications using the OAuth2.0 - Implicit Grant, which can be used for API calls on authorized services. |
| Server side applications | Retrieves a token on the server-side, which authorizes the server to act on behalf of the user. (OAuth2.0 - Authorization Code Grant) |
| Simple API login | Retrieves a token in exchange of a valid username and password. (OAuth2.0 - Resource Owner Credentials Grant) |
| Layout | |
| Templating | Templates for customization and branding for site pages and e-mails messages |
| Translation | Built-in multi-language support and translation module |
Customization & Branding
Branding on the single sign-on pages is important to make users feel and trust that the authentication service belongs to the right organization. PEACH's Single Sign-On and Identity Provider project support branding of the pages as well as the e-mails sent out to the users. Below is an example of the implementation of RTS.
