Our customer has a school administration system with many active users: most Danish teachers, students and their parents use the system to collaborate and organise studying process.
The system provides rich functionality (about 250 pages) and works very fast. This is one of the major reasons for its success.
The school administration system has been recently partially modernised using the newest technologies. Now it actually consists of two systems — “Classic” and “New”. Both parts are independent and have own authentication contexts.
In order to move from one to the other, the users had to re-login. Furthermore, there were integrations with learning platforms which also required additional authentication. Besides, there were 3rd-party Identity Providers, which should be supported.
Single Sign-on (SSO) solution was required to resolve all these issues and allow users to switch between systems seamlessly, using a single login. A big number of active users (around 1.5 million) and multi-tenant architecture (about 2 thousand schools) required a solution with low latency, high flexibility and readability.
SAML 2.0 is a standard protocol for SSO solutions. New global SAML 2.0 Identity Provider has been implemented in order to serve logins to all schools. Each school is acting as a Service Provider for the Identity provider. Redis has been used as a session data store to handle expected load (6000 ops/second) with required reliability.
The implemented solution gives our customer the possibility to switch between parts of the system without re-logging in. Single Identity allows using one login through all schools and other integrated systems in a secure and effortless way.