We’ve recently released the third generation of our single sign-on capability, which represents a significant increase in functionality.
Previous generations of PBwiki’s single sign-on let you authenticate people from a particular domain; in other words, if I ran an authentication server for ChrisYeh.com, I could allow other people with ChrisYeh.com identities to log into my individual PBwiki without creating their own PBwiki accounts.
However, we discovered that many of you wanted to authenticate people from more than one domain, and for more than one wiki. This is a complicated problem, so we sent our resident genius and CTO, Nathan, off to build a solution. He returned with Single Sign-On 3.0.
Now you can authenticate people from any domain to access any wiki that you control.
Since I am but a marketing guy, for the full details, I’ll turn you over to Nathan and Steven, one of our Support Gurus:
“Single Sign-On (AKA SSO AKA delegated authentication) allows you to build an authentication server that can use your existing user database/directory to help identify and verify users so they may have access to your company’s PBwikis. By doing this you eliminate the need for your users to register an account with PBwiki which in turn eliminates the need for them to remember another username/password.
In four steps the user can use their existing identity to log into into https://my.pbworks.com or https://wikiname.pbworks.com. Depending on the authentication server, you may also be able to set delays (wait period before logging in), access levels (reader, writer, editor, admin), and wiki access (wiki1, wiki2, wiki3 or all the wikis).
Here’s how it works:
1) Your user visits the wiki, and if not already logged in they’re redirected to your authentication server along with several URL parameters required to complete a login.
2) Your authentication server identifies the user and determines the wikis and access levels to grant.
3) Your authentication server redirects the user back PBwiki along with securely signed URL parameters which indicate to our servers who the user is and what permissions they should have on your wikis.
4) PBwiki verifies the URL parameters and signature, then creates a new user account if necessary and then grants the indicated permissions and issues an appropriate set of session cookies for the particular user.
This system, while highly secure, is quick and easy for end users and simple for an IT administrator to set up on your organization’s network. PBwiki has sample code available for a number of common programming languages and can refer independent consultants who have experience integrating customer intranets with PBwiki’s Single Sign-On features.”
For more details on SSO 3.0, you can refer to our documentation on delegated authentication.