Single Sign-On (SSO) is used to integrate UseResponse with other software or service that is primarily used for storing user accounts. In other words, you can use login form of your own website, software or service to authenticate users in UseResponse using accounts of your system and be automatically authorized in both.
Single Sign-On is not in the core of the system and is available as Add-On in self-hosted package
One Login Settings
Go to Administration » Login Plus » Single Sign-On and enable One Login method that allows you to authenticate using Cross-site Requests with Secure Web Token. You need to define following primary settings:
- Integration Domain - domain where your application is located to integrate UseResponse with. Domains without www and with www are considered to be different. Don't enter http or https as a part of domain here. Example: mydomain.com
You can add multiple domain names and use several authentication forms
- External Login URL - enter URL of your application login page. You'll be redirected to this URL once you click on Login link at UseResponse. After successful login, user will be redirected back to UseResponse. Example: http://domain.com/login
- External Logout URL - URL is used to logout user from both application and UseResponse. Example: http://domain.com/logout
There are two more options to make your authentication process more seamless:
- Use Only SSO Authentication - enable this option if you want users to go to your application login form once any authentication is required in UseResponse instead of opening native login form;
- Disable Registration Email - user accounts are always created in our system, but users shouldn't know about this, so once account is created in UseResponse, they shouldn't get any registration email. For troubleshooting, please go to /login in your browser to use native method of authentication.
One Login Integration
UseResponse SSO class is available for the following programming languages/frameworks:
Upload and include UseResponse SSO class into your application, preferably prior to all script logic, and in file that will be used for all page requests.
<?php require 'useresponse-sso.class.php'; UseresponseSso::getParameters(); // further index.php code ?>
Integrate second code snippet into your script output at the place, which occurs right after user is successfully logged in and logged user information is accessible by your script as variable, object or with static method. Please make sure either cookies or sessions not being sanitized/purged with script you integrated with, otherwise redirect back to UseResponse won't happen:
<?php $options = array( 'domain' => '', // where UseResponse installed at (ex: http://help.domain.com or https://help.domain.com) 'secret' => '', // secret key you got from OneLogin page at UseResponse 'fullname' => '', // accessible value of logged user's full name 'email' => '', // accessible value of logged user's email 'user_id' => '', // accessible value of logged user's id ); UseresponseSso::setup($options); UseresponseSso::script(); ?>
The secret key and domain name could be taken from Administration » Login Plus » Single Sign-On page of your UseResponse instance. Make sure to add valid protocol http or https in the code.
Locate UseResponse class in Helpers directory. If there is no such directory, please create it in the root folder of the project.
To include class please use the following example:
using System.Web.Mvc; using UseResponseSso.Helpers;
UseresponseSso ur = new UseresponseSso( "http://community.example.com" // UseResponse Community Domain "secretkey", "Alex", "email@example.com", "992" // Internal User ID ); // specify the URL to redirect back ur.Login(ur.GetCommunityDomain());
If you've successfully integrate the method, you should authenticate in your application and be automatically logged in UseResponse once you go to the instance URL.
If you organized several communities and want users log in each community separately, you need to add Redirect param with encrypted URL of required community. Optionally UseResponse allows to skip encryption of redirect param, you would have to apply URL encoding on it. You can use HttpServerUtility.UrlEncode method. So you should get the SSO URL as shown below: