This documentation site is about the unstable (upcoming) Comentario version.  Switch to the stable version »

SSO authentication

Single Sign-On settings

Single Sign-On (SSO) allows you to authenticate users via an external provider, so that they don’t need to create a separate Comentario account. There’s also an option for a non-interactive SSO login, when the authentication process happens in the background.

SSO server

For the SSO authentication you’ll need to specify an SSO server URL, which must be an https:// address.

SSO secret

The SSO secret is a randomly generated 32-byte sequence, which represents a shared secret and looks like this:

a7c0a4de68cef4f16dcce202f5ec378dd5a858a307ec3858c91742c7eccece77

It’s created by clicking the SSO secret button on the Domain properties page. When generated, this value is only displayed once, so make sure it’s safely stored.

Interactive vs. Non-interactive

Comentario supports two SSO flavours: interactive and non-interactive.

Interactive SSO

Interactive SSO authentication flow means it’s triggered by the user and requires them to do something in the popup window that appears. What exactly, depends on the SSO provider being used.

Non-interactive SSO

Non-interactive SSO authentication flow is very much similar to its interactive counterpart, but, as the name suggests, it doesn’t require any interaction from the user.

Single SSO provider for multiple domains

If your SSO provider is used for authentication against multiple Comentario domains, and you want to know which domain triggered the authentication, you can use one of the two options.