SSO should be more secure

  • updated
  • Completed
The SSO mechanism works great -- but it's horribly insecure if the user is on a public WiFi.  It looks like I can set it to HTTPS but the user has to ignore the SSL cert error.

I also think the token should only work once. Or at least that could be an option.  I guess I could accomplish this with a very short expiration date but expiring after user would provide a little more security.

Sergey, having one of those options available is critical for me.  Option #2 sounds best.  If it was available within the next 30 days or so I'd be able to recommend UserEcho as a solution for my client.

Option #1 would still be "nice to have" but not critical if option #2 was available.

Sergey Stukov
We planned to add this options, will report here as it's will be ready
Sergey Stukov
Hello Michael,

We add HTTPS support

Some examples:

For link to your forum:

You must provide following link:

Try and don't hesitate to contact us

PS: Our widget also support SSO + HTTPS now

Sergey Stukov
  • Answer
  • Completed
Please tell us is this feature is critical to start UE evaluation for your company?

1) We able to add option like (expires after first use)
2) Also we consider about making special link for SSL-secured SSO authorization
with following workflow 

and then we will auth and redirect user to your private forum
that placed under http://
 Sign in to leave a comment