Single Sign-on Specification
The Brainfuse single sign-on service is a simple integration mechanism that allows Brainfuse clients who use their own authentication mechanism to sign their users directly into the Brainfuse Learning Suite.
The integration is accomplished by embedding a dynamically-generated Integration URL into the client's LMS.
Brainfuse generates the Integration URL(s) soon after receiving the client’s setup specifications.
The Integration URL is a dynamically-generated URL that is composed of a branch prefix, a client prefix and the client’s user id or barcode in the following format.
This is an optional prefix within the branch that can further categorize the user into subdivisions for reporting purposes e.g.(branches within a library, programs within a college campus, etc.) Brainfuse always creates a subdivision with the name main.
The branch prefix represents one of the branches, campuses or any other sub-entity that the currently logged in user belongs to. Typically the branch prefix is generated dynamically based on the currently logged in user. During the setup phase, the client will provide Brainfuse with the various sub-entities (campuses, branches or library systems).
Brainfuse will generate unique URLs for each of these sub-entities.
The client URL section represents a unique subdomain amongst all Brainfuse clients. That subdomain will be generated by Brainfuse upon receiving the client’s intake sheet.
An optional subdomain that is occasionally provided by Brainfuse. Typically this is a two letter state abbreviation where the client is located.
brainfuseServiceURI is an optional parameter that identifies the service requested so that the user can be directly redirected to the service URL.
If the serviceURI is omitted, the user will be redirected to the account home page.
The possible values for the service URI can be one of the following:
• test: For accounts that opt into the Test Center service. This URI will direct the user to the Test Center service.
• helpnow: For accounts that opt into the HelpNow and JobNow services. This URI will direct the user to the HelpNow service homepage.
• jobnow: For accounts that opt into the JobNow and JobNow services. This URI will direct the user to the JobNow service homepage.
• writinglab: For accounts that opt into the Writing Lab services. This URI will direct the user to the writing lab services.
*Available URIs on demand(must be approved by Brainfuse first)
URL parameters provide the main communication method with the Brainfuse single sign-on system. The parameters in bold are required, others are optional but recommended to ensure a better user experience.
· bc: (Required if using single sign-on system) The userId consists of up to 50 alpha-numeric characters. The userId must be unique for the currently logged in user on the client system of the branch or sub-entity to which the user belongs.
· firstName: The first name of the currently logged on user on the client system.
· lastName: The last name of the currently logged on user on the client system.
· email: The email address of the currently logged on user on the client system.
Authorization and authentication:
The Brainfuse integration URL is typically secured by one or more of these authentication mechanisms:
1.IP Address authentication:
Typically this is used in cases where the client employs a URL Rewriting proxy. The client provides Brainfuse with the IP Address of the proxy server. The system verifies the user is visiting the site from this IP Address.
The client can provide Brainfuse with one or more referral URLs. Upon visiting the Integration URL, Brainfuse system will verify the referral URL and allow access if it is on the list of allowed referral URLs.
This URL will register or login the user with the id 12321312312 into the main subdivision of the xxx Branch of the Demo client and then redirect the client to the service home page.
This URL will register or login the user with the id 12321312312 into the main subdivision of the xxx Branch of the Demo client and then redirect the client to the Adult Learning Center service page.
This URL will register or login the user with the id 12321312312 into the main subdivision of the xxx Branch of the Demo client, and then redirect the client to the Adult Learning Center service page.
Brainfuse side of the Integration
Once the user clicks on the integration URL, the system will look up a user with the unique user id provided. If a user exists on the Brainfuse side, the system automatically logs the user into the Brainfuse system and brings them to the homepage or to the Brainfuse service specified in the URL.
If the userId was not found, the system will prompt the user to either connect to an existing Brainfuse account or create a Brainfuse account with information not provided in the URL.
If the user clicks Save they will not be prompted again with this page. If the user clicks Skip and Proceed, they will be prompted again upon visiting the Integration URL.
The user also has an option to connect their client userId to an existing Brainfuse username and password.
Our site's registration form requires users to give us contact information (like their name and email address), unique identifiers, and financial information (like their account or credit card numbers). We use customer contact information from the registration form to send the user information about our company and promotional material from some of our partners. The customer's contact information is also used to contact the visitor when necessary. We use IP addresses to help diagnose problems with our server, to administer our Web site, and to gather broad demographic information. Users may opt-out of receiving future mailings; see the choice/opt-out section below. Financial information that is collected is used to bill the user for products and services. Unique identifiers are collected to verify the user's identity and for use as account numbers in our record system. This site may contain links to other sites. Brainfuse is not responsible for the privacy practices or the content of such Web sites. Our site uses an order form for customers to request information, products, and services. We collect visitor's unique identifiers (like their social security number) and financial information (like their account or credit card numbers). Financial information that is collected is used to bill the user for products and services. Unique identifiers (such as social security numbers or passwords) are collected from visitors to verify the user's identity and for use as account numbers in our record system.
From time to time, appropriate information may be shared between Brainfuse and user's school or other educational institution if such school or institution is the purchaser of Brainfuse services for the user.
Brainfuse does not use user information, except as provided above.
Brainfuse shall retain all ownership in the Site and all content displayed on this specification.
THE SITE AND THE SERVICES PROVIDED BY BRAINFUSE, ITS AFFILIATES ARE PROVIDED "AS IS" WITH NO WARRANTY. BRAINFUSE, ITS AFFILIATES AND USERS EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, REGARDING THE SITE AND SUCH SERVICES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT AND IMPLIED WARRANTIES ARISING FROM COURSE OF DEALING OR COURSE OF PERFORMANCE. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, BRAINFUSE AND ITS AFFILIATES DO NOT WARRANT THAT THE SERVICES PROVIDED BY BRAINFUSE OR THE SITE WILL BE FREE FROM BUGS, DEFECTS OR ERRORS, OR ACCESSIBLE WITHOUT INTERRUPTION.
User agrees not to hold Brainfuse, Brainfuse's agents and employees, officers, directors, or participants in Brainfuse's affiliate Service ("Affiliates") liable for any advice or services delivered which originated through the Site. User releases Brainfuse, Brainfuse's agents, officers, directors, and employees and Affiliates from claims, demands and damages (actual or consequential) of every kind and nature, known and unknown, disclosed and undisclosed, arising out of or in any way connected with such disputes.