Our customer has a school administration system with many active users: most of Danish teachers, pupils and their parents use the system to collaborate and organize studying process.
The system provides rich functionality (about 250 pages) and works very fast. This is one of the major reasons of its success.
The school administration system has been recently partially modernized using newest technologies. Now itactually consists of two systems – “Classic” and “New”. Both parts are independent and have own authentication context.
In order to move from one to another, users had to re-login. Furthermore, there are integrations with learning platforms which also require additional authentication. Besides, there are 3rd-party Identity Providers, which should be supported.
Single Sign-on (SSO) solution was required to resolve all these issues and allow users to switch between systems seamlessly, using single login. A big number of active users (around 1.5 million) and multi-tenant architecture (about 2 thousands schools) require solution with low latency, high flexibility and readability.
SAML 2.0 is a standard protocol for SSO solutions. New global SAML 2.0 Identity Provider has been implemented in order to serve logins to all schools. Each school is acting as a Service Provider for the Identity provider. Redis has been used as a session data store to handle expected load (6000 ops/second) with required reliability.
The implemented solution gives our customer the possibility to switch between parts of the system without re-logging in. Single Identity allows using one login through all schools and other integrated systems in a secure and effortless way.