This SSO implementation is based on SAML (Security Assertion Markup Language) and allows your application to sign in an existing GoodData user. The authentication is done not by username and password, but by exchanging authentication and authorization data between the parties.
GoodData supports SAML Identity Provider-initiated scenario only:
Configure the following settings:
|SAML version||2.0 (version 1.0 and 1.1 are not supported)|
|Post back URL (destination)|
(a URL where the SAML response and assertion is consumed). For a white-labeled instance, use your hostname instead.
(a URL of the assertion consumer). For a white-labeled instance, use your hostname instead.
|Name ID format||EmailAddress|
|Sign assertion||Yes (default) / No (let us know if you are not able to sign the assertion)|
|SSO Init type||Identity Provider-initiated|
|RelayState||The URL in GoodData where the user is redirected after a successful login|
For an example of the SAML message consumed by the GoodData side, click here.