As of v2.5.2 and 2.6.0, SSP ships with a IMS LTI Provider implementation which provides effectively equivalent functionality as the mechanism described here, but in a standards-based way such that no custom development is typically required to achieve the same goals. Be sure you have a good reason to rule out the LTI provider before embarking on a implementing a client for the SSO protocol described below. (Even if you're not running 2.5.2+, 2.6.0+, back-porting the LTI provider may end up being simpler and certainly cheaper to maintain over the long term than writing a custom "Signed URL SSO" client.)