Single Sign On and Secure Podcasting

Single Sign On (SSO) is a term used to reference many protocols to provide a way for corporate accounts to use the same account sign-in to access content from various sources. The term refers to how a user can login with a single ID and password issued within a corporate or organizational network to gain access to other systems without using different credentials and only having to sign in once. It is a convenient way for an organization to easily provide 3rd party services as well as limit what is accessed without additional account management.

The process can reference various protocols. The most common protocol is SAML. The remainder of this page describes what is required and the limitations with podcasting with SAML SSO.

SAML Single Sign On Requirements

The following information is necessary in order to setup SAML Single Sign On with a podcast website.

  • Entity ID or Issuer ID (IdP)
  • SAML Login URL  e.g. https://example.com/passiveLogon
  • X.509 Certificate

In addition, you may need to know if the LdP the application needs to “sign” responses and if the LdP will “sign” Assertions.

Single Sign On limitations with Podcasting

Single Sign On and podcasting has many limitations. The biggest being that the authentication must take place within a web browser, limiting the initial interaction with a podcast listener via web only (not within podcasting applications). There are two ways to get around this limitation, each with their own problems.

Single Sign On with issued unique podcast feed URLs. When a listener signs into the podcast website, special unique podcast feed URLs can be created for that user to use in their favorite podcast application. These unique URLs are only secured by obscurity. So as long as each listener does not share the URL with anyone the content is secure. Blubrry does not recommend this method of providing podcast subscriptions to listeners. There are known cases where such feeds have become available on directories such as Apple and Google Podcast directories.

Single Sign On with custom passwords to access secure feed URLs. When a listener signs into a podcast website, the user is prompted to come up with a special podcast access password, or a special podcast access password is issued to them. This password along with their username shared via SSO is then used to allow them to authenticate to access the podcast. Blubrry recommends this method as it prevents the possibility of such a podcast from getting indexed by search or submitted to podcast directories by accident.

Looking for Premium Podcasting Services? Please contact Blubrry Podcasting today for a quick call with our staff to explore options available to you.