SSO with OpenID Connect

For customers with their own identity server that complies with the OpenID Connect (OIDC) standard, setting up single sign-on (SSO) is relatively easy. It involves a number of steps by both the customer and Drillster. This page describes the steps required on the part of the customer.

If you are interested in creating an SSO integration with Drillster using OpenID Connect, please contact support@drillster.com.

Registering a client application

Drillster will be acting as a client application to your OIDC server, so a client application must be registered at your OIDC server. This can be done in one of two ways:

  1. Drillster registers it
  2. You register it

Drillster registers it

The easiest and most secure way to do this is to let Drillster register the client application on your OIDC server. This requires that your OIDC server supports either Dynamic Client Registration or a web interface that Drillster can use. All you need to do is provide Drillster Support with the endpoint or web interface URL (and possibly credentials) for registering the client application. Drillster will register the client application and set up the SSO in the Drillster platform for you. Once that is done, you can use SSO.

You register it

If your OIDC server does not support Dynamic Client Registration or a web interface that Drillster can use, you have to set up the client application for Drillster yourself. One of the required properties is the redirect URI, which is the Drillster URI to which the user is sent after successful authentication. Since part of this URI is custom for your OIDC integration with Drillster, you'll need to request it from Drillster first.

Once the client application has been registered, please provide the following information to Drillster:

  • Client ID
  • Client secret (see security warning below)
  • The URI of the /.well-known/openid-configuration endpoint

Warning: Since the client secret is highly sensitive information, it is very important to send this information in a secure way. Do not send it by email! Please get in touch with Drillster Support to agree on a secure way to hand over the client secret.

If your OIDC server does not have a /.well-known/openid-configuration endpoint, please provide the following information to Drillster:

  • Authorization URI
  • Token URI
  • JWKS URI

Drillster will set up the SSO in the Drillster platform for you. Once that is done, you can use SSO.
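
A check you could run on your server's discovery document before handing its URI to Drillster, as an added example that is not Drillster's own code. It maps the standard OIDC Discovery fields to the three URIs listed above and flags a mismatched issuer or a non-HTTPS endpoint; the host idp.example.com and the sample document are constructed.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Discovery metadata names for the three URIs the page asks for.
FIELDS = {
    "Authorization URI": "authorization_endpoint",
    "Token URI": "token_endpoint",
    "JWKS URI": "jwks_uri",
}


def check_discovery(config_url, document):
    """Return (uris, problems) for an already-fetched discovery document."""
    problems = []
    issuer = document.get("issuer")
    if not isinstance(issuer, str) or not issuer:
        problems.append("issuer is missing")
    elif issuer.rstrip("/") + WELL_KNOWN != config_url:
        # OIDC Discovery: the document must be served under its own issuer.
        problems.append("issuer does not match the configuration URL")
    uris = {}
    for label, field in FIELDS.items():
        value = document.get(field)
        if not isinstance(value, str) or not value:
            problems.append(f"{field} is missing")
            continue
        parts = urlsplit(value)
        if parts.scheme != "https" or not parts.netloc:
            problems.append(f"{field} is not an absolute https URL")
        uris[label] = value
    return uris, problems


# Constructed sample for a hypothetical server; not a real deployment.
SAMPLE_URL = "https://idp.example.com/.well-known/openid-configuration"
SAMPLE = json.loads("""
{
  "issuer": "https://idp.example.com",
  "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
  "token_endpoint": "https://idp.example.com/oauth2/token",
  "jwks_uri": "https://idp.example.com/oauth2/jwks"
}
""")

if __name__ == "__main__":
    uris, problems = check_discovery(SAMPLE_URL, SAMPLE)
    for label, uri in uris.items():
        print(f"{label}: {uri}")
    print("problems:", problems or "none")
```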

Using SSO

Once Drillster has configured SSO for you, you will receive an SSO base URI. Use this URI to send your users to the Drillster web platform with single sign-on. The SSO base URI looks like this:

https://www.drillster.com/daas/authenticate/oauth/{third_party}

The third_party value is a unique ID for your SSO configuration. To send your users to a specific page in the Drillster web platform, append the URL of that page to the base URI as the redirectUrl request parameter:

https://www.drillster.com/daas/authenticate/oauth/{third_party}?redirectUrl={redirect_url}

Examples of redirect URLs are:

  • /connector/player/{playable_id} — the Player for a specific playable (e.g. a drill)
  • /user/repertoire — the user's repertoire page
  • /user — the user's home page

Please ask Drillster Support for help with specific redirect locations.