Single Sign-On & Identity Provider
In order to personalize the experience of the audience, broadcasters need to uniquely identify a user across platforms (Web, Mobile, TV, Radio) while respecting the user's privacy. PEACH provides a Single Sign-On and Identity Provider, which takes care of the management of the user accounts, namely profile, as well as authentication and authorizations.
The implementation of PEACH single sign-on already includes many features listed below, and is constantly enhanced and improved.
Features overview
Features | Technical Notes |
---|---|
User Account | |
Creation | Account creation with username, password and captcha integration |
E-Mail verification | Sending e-mails for verification of accounts |
Password recovery | Password recovery through e-mail password reset |
Account deletion | Account deletion with password verification |
Generic profile information | Add generic profile information such as names, birthday, language etc. |
Authentication | |
Simple authentication | Authenticate using username and password on a web form |
Identity federation | Allow authentication with third parties such as Facebook, Twitter login |
Single sign-on | |
Transparent on same domain servers | Using a HTTP-only cookie, users are automatically authenticated on the domains and subdomains of the identity provider. |
Limited Input Devices | Displays a code and a URL on the device in order to link the device with the user's profile. (ETSI TS 103 407) |
Client side applications | Retrieves a token on a client-side applications using the OAuth2.0 - Implicit Grant, which can be used for API calls on authorized services. |
Server side applications | Retrieves a token on the server-side, which authorizes the server to act on behalf of the user. (OAuth2.0 - Authorization Code Grant) |
Simple API login | Retrieves a token in exchange of a valid username and password. (OAuth2.0 - Resource Owner Credentials Grant) |
Layout | |
Templating | Templates for customization and branding for site pages and e-mails messages |
Translation | Built-in multi-language support and translation module |
Customization & Branding
Branding on the single sign-on pages is important to make users feel and trust that the authentication service belongs to the right organization. PEACH's Single Sign-On and Identity Provider project support branding of the pages as well as the e-mails sent out to the users. Below is an example of the implementation of RTS.