1 Reply Latest reply on Nov 25, 2016 8:58 AM by ctomc

    Single Sign On

    banditpig

      Hi,

      I'm new to SAML and SSO and still finding my feet.

      I've been given the task at work to provide SSO across three applications and I'm looking at various options.

       

      In more detail:

      We have an account on http://www.aha.io/ and this has an admin panel to configure SSO using SAML.

      We also use Freshdesk http://freshdesk.com and this too can be configured for SSO using SAML.

       

      The third app is a REST-based application we've developed using Java and Angular and backed by MongoDB. It is a self-contained app that is deployed with its own built-in server (i.e. it is not hosted in Tomcat, JBoss, etc.). Users of the application use name/password to log in and the user details are within the MongoDB.

      The SSO use case is that users of the REST app can sign on to any of the three applications using their login credentials for the REST app.

       

      I'm not quite sure of how to go about this. I've done background work and I'm familiar with the notion of identity providers and service providers etc. However, I don't yet have a 'gut feel' for how big and (maybe) how painful a task this is. Naively and at a very high level I see this as:

       

      Install Wildfly

      Look at PicketLink/Wildfly guide and write and deploy an identity provider that does custom authentication talking to mongo.

      Look at PicketLink/Wildfly guide and figure out what I need to do to deploy and configure a Service provider.

      Configure our account on www.aha.io to talk to the deployed service and identification providers

      Configure our account on Freshdesk to talk to the deployed service and identification providers

      Modify our custom application to use the service and identification providers.

       

      Is this viable? Should I perhaps consider the commercial version of JBoss?

      I would really appreciate any advice with more detailed steps to achieve SSO.

       

      Many thanks for your help.

       

      Mike