Single sign-on (SSO) is a property of access control across multiple related but independent software systems. With this property a user logs in once and gains access to all of the systems without being prompted to log in again at each of them. For example, once we log in to Google, we are permitted to access YouTube, Docs, Google Drive, etc.

We might think of sharing the session cookie among all of the domains, but that is generally not a good idea: a stolen cookie could be used to sign in from another system or browser. Single sign-on helps us get around this problem and implement a much more robust system.
How do we implement Single Sign-On in Rails App?
We will try to get a handle on how to build a prototype Rails app that implements single sign-on. We will be looking at a sample Rails application powered by the CASino gem.
Why are we using CASino?
- Distributed under the MIT License
- Active Development since
- External authentication sources (LDAP, SQL)
- Two-factor authentication
- Session-overview for logged-in users
- Full localization support
- REST-API
So what is CASino exactly?
CASino is a simple Single sign-on server application. It supports the CAS protocol and can therefore be used in combination with almost every web programming language out there.
CAS is an authentication system originally created by Yale University to provide a trusted way for an application to authenticate a user. CAS centralizes authentication: it allows all your applications to ask users to log in at a single sign-on server.
The implementation
Here we have two apps, a client and a server. We assume that the client app uses Devise for demonstration purposes. The logic can easily be extended to other authentication methods, though. The app is as simple as configuring a few variables for the CASino gem.
- The user requests a page on the client domain.
- The client redirects to the server if the user is not authorised.
- Start by adding the gems to the client app.
- The server redirects back to whichever client URL was requested.
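To make the steps above concrete, here is an added in-memory Ruby model of the CAS service-ticket exchange that CASino and devise_cas_authenticatable perform between them. It is example code written for this post, not CASino's or the gem's own implementation; the module and class names (CasDemo, Server, Client), the callback URL http://localhost:3000/users/service and the 10-second ticket lifetime are assumptions, while the XML shape is that of a CAS 2.0 serviceValidate response. It also shows why this beats shared cookies: the client application never sees the server's session cookie, only a short-lived, single-use ticket bound to its own service URL, which it validates directly against the server.

```ruby
require 'securerandom'
require 'rexml/document'
require 'time'

# Constructed, in-memory model of the CAS 2.0 service-ticket exchange.
# Hypothetical names; an added illustration, not CASino's code.
module CasDemo
  CAS_NS = 'http://www.yale.edu/tp/cas'.freeze
  TICKET_TTL = 10 # assumed lifetime of a service ticket, in seconds

  # Server side: owns the SSO session and issues one-time service tickets.
  class Server
    def initialize
      @tickets = {} # ticket id => { service:, user:, issued_at:, used: }
    end

    # After the user authenticates at the server, the browser is redirected back
    # to the client's service URL with ?ticket=ST-... appended.
    def issue_service_ticket(user, service)
      st = "ST-#{SecureRandom.hex(16)}"
      @tickets[st] = { service: service, user: user, issued_at: Time.now, used: false }
      st
    end

    # /serviceValidate, called server-to-server by the client. A ticket is
    # single-use, short-lived and bound to the exact service URL it was issued for.
    def service_validate(ticket, service, now: Time.now)
      entry = @tickets[ticket]
      return failure('INVALID_TICKET', 'ticket not recognized') unless entry
      return failure('INVALID_TICKET', 'ticket already consumed') if entry[:used]
      return failure('INVALID_TICKET', 'ticket expired') if now - entry[:issued_at] > TICKET_TTL
      return failure('INVALID_SERVICE', 'issued for a different service') unless entry[:service] == service
      entry[:used] = true
      success(entry[:user])
    end

    private

    def success(user)
      <<~XML
        <cas:serviceResponse xmlns:cas='#{CAS_NS}'>
          <cas:authenticationSuccess><cas:user>#{user}</cas:user></cas:authenticationSuccess>
        </cas:serviceResponse>
      XML
    end

    def failure(code, msg)
      <<~XML
        <cas:serviceResponse xmlns:cas='#{CAS_NS}'>
          <cas:authenticationFailure code='#{code}'>#{msg}</cas:authenticationFailure>
        </cas:serviceResponse>
      XML
    end
  end

  # Client side: what the Rails app does with the ?ticket=... it receives.
  class Client
    def initialize(server, service_url)
      @server = server
      @service_url = service_url
    end

    # Returns the authenticated username, or nil when the ticket does not validate.
    def login_from_ticket(ticket, now: Time.now)
      parse_validate_response(@server.service_validate(ticket, @service_url, now: now))
    end

    # Only a cas:authenticationSuccess element yields a user; failures give nil.
    def parse_validate_response(xml)
      doc = REXML::Document.new(xml)
      user = REXML::XPath.first(doc, '//cas:authenticationSuccess/cas:user', 'cas' => CAS_NS)
      user && user.text.strip
    end
  end

  # Runs the flow once and then tries the three misuses the server must reject.
  def self.walkthrough
    server  = Server.new
    service = 'http://localhost:3000/users/service' # assumed client callback URL
    client  = Client.new(server, service)
    st = server.issue_service_ticket('alice', service)
    first  = client.login_from_ticket(st)          # "alice"
    replay = client.login_from_ticket(st)          # nil: ticket is single-use
    other  = Client.new(server, 'http://localhost:3001/users/service')
    wrong_service = other.login_from_ticket(server.issue_service_ticket('alice', service)) # nil
    st3   = server.issue_service_ticket('alice', service)
    stale = client.login_from_ticket(st3, now: Time.now + 60)  # nil: past TICKET_TTL
    { first: first, replay: replay, wrong_service: wrong_service, stale: stale }
  end
end

puts CasDemo.walkthrough.inspect if __FILE__ == $PROGRAM_NAME
```

In the real deployment it is the CASino server that enforces these rules; the client gem only submits the ticket it received to the validate endpoint and reads the XML response, so a replayed, expired or wrong-service ticket never logs a user in at the client.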
Step #1 Implementing the client application.
Gemfile
# If you face compatibility issues, use Ruby 2.1
gem 'devise_cas_authenticatable', git: 'https://github.com/jpamaya/devise_cas_authenticatable'
routes.rb
# Skip Devise's own session routes; sessions are created by the CAS flow instead
devise_for :users, skip: [:sessions], controllers: { cas_sessions: 'sso_cas' }
devise_scope :user do
  get "sign_in", to: "devise/cas_sessions#new"
  delete "sign_out", to: "devise/cas_sessions#destroy"
end
devise.rb
# ==> Configuration for SSO server authentication
config.cas_base_url = "http://localhost:4000/"   # the CASino server app
config.cas_create_user = false                    # do not create local users for unknown CAS users
config.cas_destination_logout_param_name = 'service'
config.cas_enable_single_sign_out = true
user.rb
class User < ActiveRecord::Base
  devise :cas_authenticatable
end
Now run the client application on localhost:3000 and begin by visiting users/sign_in.
Since we overrode Devise's sign-in mechanism, instead of Devise's normal sign-in page we are redirected to localhost:4000, the backend app that authenticates users. Let's prepare the backend app to authenticate users.
Step #2 Start with implementing code in the server app
Limitation: the server app must use Ruby 2.1.5 and Rails 3.2.11 (gem 'rails', '~> 3.2.11'); check with rails -v.
Gemfile
# CASino uses the database to store sessions and tickets and takes care of these tables itself;
# add only the adapter that matches your database
gem 'sqlite3' # for sqlite support
gem 'mysql2'  # for mysql support
gem 'pg'      # for postgresql support
gem 'casino'
Run bundle install and then rails g casino:install.
The CAS configuration is stored in config/cas.yml. This is where you configure how your SSO server handles logins. An example configuration can be found in config/cas.yml.example.
Provide valid database credentials and run the migrations.
Run this app on localhost:4000, then follow the earlier steps:
- Go to localhost:3000/users/sign_in
- You will be redirected to localhost:4000; enter your credentials and click sign in
- You will be redirected back to the client on successful login
In the links below you can find some ready-made examples; clone these apps to get a better understanding of SSO.
Server example (Ruby 2.1.5): git clone https://github.com/codescrum/casino-sso-server-example.git
Rails 4 client example: git clone https://github.com/codescrum/casino-sso-client-rails4-example.git
Rails 3 client example: git clone https://github.com/codescrum/casino-sso-client-rails3-example.git
Let us know in comments if you face any troubles in the implementation !!
PS: Single sign-out has been left as a thought for another day; we will discuss it in a follow-up blog post.