Single Sign-On (SSO) integrates UseResponse with other software or a service that is primarily used for storing user accounts. In other words, you can use the login form of your own website, software or service to authenticate users in UseResponse with the accounts of your system, so that they are automatically authorized in both.
The method described here is called One Login; LDAP, SAML and OAuth 2.0 methods are also available.
One Login Settings
Go to Administration » Applications and enable Single Sign-On. Then click Settings and select the One Login method that allows you to authenticate using Cross-site Requests with Secure Web Token. You need to define the following primary settings:
- Integration Domain - the domain of the application you are integrating UseResponse with. Domains with and without www are considered different. Don't include http or https as part of the domain here. Example: mydomain.com
Note
You can add multiple domain names and use several authentication forms
- External Login URL - enter URL of your application login page. You'll be redirected to this URL once you click the Login link at UseResponse. After a successful login, the user will be redirected back to UseResponse. Example: http://domain.com/login
- External Logout URL - the URL used to log the user out of both your application and UseResponse. Example: http://domain.com/logout
There are two more options to make your authentication process more seamless:
- Use Only SSO Authentication - enable this option if you want users to go to your application login form once any authentication is required in UseResponse instead of opening native login form;
- Disable Registration Email - user accounts are always created in our system, but users shouldn't know about this, so once an account is created in UseResponse, they shouldn't get any registration email. For troubleshooting, please go to /login in your browser to use the native method of authentication.
One Login Integration
UseResponse SSO class is available for the following programming languages/frameworks:
Upload and include the UseResponse SSO class in your application, preferably prior to all script logic, and in a file that is used for all page requests.
<?php
require 'useresponse-sso.class.php';
UseresponseSso::getParameters();
// further index.php code
?>
Integrate the second code snippet into your script output at the point right after the user has successfully logged in and the logged-in user's information is accessible to your script as a variable, an object or through a static method. Make sure that cookies and sessions are not sanitized or purged by the script you are integrating with; otherwise the redirect back to UseResponse won't happen:
<?php
$options = array(
    'domain' => '', // where UseResponse installed at (ex: http://help.domain.com or https://help.domain.com)
    'secret' => '', // secret key you got from OneLogin page at UseResponse
    'fullname' => '', // accessible value of logged user's full name
    'email' => '', // accessible value of logged user's email
    'user_id' => '', // accessible value of logged user's id
    'property_id' => '', // value to assign required custom field
);
UseresponseSso::setup($options);
UseresponseSso::script();
?>
The secret key and domain name can be taken from the Administration » Applications » Single Sign-On » Settings » Single Sign-On tab. Make sure to include the correct protocol (http or https) in the code.
Locate the UseResponse class in the Helpers directory. If there is no such directory, please create it in the root folder of the project.
To include the class, please use the following example:
using System.Web.Mvc;
using UseResponseSso.Helpers;

UseresponseSso ur = new UseresponseSso(
    "http://community.example.com", // UseResponse Community Domain
    "secretkey",
    "Alex",
    "user@example.com",
    "992" // Internal User ID
);
// specify the URL to redirect back
ur.Login(ur.GetCommunityDomain());
If you've successfully integrated the method, you should be able to authenticate in your application and be automatically logged in to UseResponse once you go to the instance URL.
Authentication in Widgets
UseResponse allows authenticating users in widgets without a page reload when the user is logged in through your website or application login form integrated with the UseResponse instance.
To add the ability to authenticate users in widgets, please integrate the following code snippet into the client-side code of the page where the UseResponse widget is located:
let ssoToken = ''; // the result of GetSdkToken() method
UR.remote({
    cmd: '@authenticate',
    data: {sso_token: ssoToken},
    onInit: function () {}
}).done(function (response) {
});
where the "response" variable can be used to tell whether the login succeeded or failed.
Here is an example of how to use the class:
class UseresponseController < ApplicationController
  def index
    config = {
      source: 'mydomain.com',
      domain: 'https://mydomain.useresponse.com',
      secret: '680f9e64a62898047662780816f4418a9681c72c59ad30ff19cce8d4bf112ecb'
    }
    attributes = {
      fullname: 'John Bobson',
      email: 'john@example.com',
      user_id: '1'
    }
    redirect_to Useresponse::OneLogin.new(config).url(attributes)
  end
end
Custom User Fields
You can pass custom field values for users who log in to UseResponse. To do so, please add the following parameters as shown in the example below:
'property_172' => '187',
'property_202' => '20-07-1987',
'property_245' => '263|265', // multiple values for a field
where property_172 is the user field's id, which can be taken from Administration » Custom Fields » Users, and 187 is the id of the custom field's value.
Multi-Forums
If you have organized several communities and want users to log in to each community separately, you need to add the redirect param with the encrypted URL of the required community. Optionally, UseResponse allows you to skip encryption of the redirect param; in that case you have to apply URL encoding to it, for example with the HttpServerUtility.UrlEncode method. The resulting SSO URL should look like this:
https://yourdomain.com/sso/d4j4f5w5k4u564e4o2s4g5k494h4w5m2m4m4o5m41684n4d4m2d4c4/n3g4x5x59406d2o4/j4g4x5x59406t443l4a4v5c4a4q4z3k4i4d426p4f5p4a4u244e4/y2233424/e5b39acffb16a3287a652a31683c17aadfa4c07c/direct-sso?redirect=https%3A%2F%2Fyourdomain.com
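
When the community URL for the unencrypted redirect param is taken from a request rather than hard-coded, it should be checked against your own community hosts before it is URL-encoded and appended. The Ruby sketch below is an added example, not part of the UseResponse SSO class; COMMUNITY_HOSTS, checked_community_url, with_redirect and the sample SSO URL are hypothetical names and constructed values.

```ruby
require 'uri'

# Hypothetical allowlist: the exact hosts of your own communities.
# www and non-www hosts are separate entries, matching how UseResponse
# treats integration domains.
COMMUNITY_HOSTS = %w[help.example.com partners.example.com].freeze

class UnsafeRedirect < StandardError; end

# Returns the target if it is an https URL on an allowlisted community
# host; raises UnsafeRedirect for anything else.
def checked_community_url(target)
  uri = begin
    URI.parse(target.to_s)
  rescue URI::InvalidURIError
    raise UnsafeRedirect, 'unparseable URL'
  end
  raise UnsafeRedirect, 'https required' unless uri.is_a?(URI::HTTPS)
  raise UnsafeRedirect, 'credentials in URL' if uri.userinfo
  raise UnsafeRedirect, 'non-default port' unless uri.port == 443
  host = uri.host.to_s.downcase
  unless COMMUNITY_HOSTS.include?(host)
    raise UnsafeRedirect, "host not allowlisted: #{host}"
  end
  uri.to_s
end

# Appends the URL-encoded redirect param to an SSO URL that the SSO
# class has already produced (sso_url is treated as an opaque string).
def with_redirect(sso_url, target)
  encoded = URI.encode_www_form_component(checked_community_url(target))
  separator = sso_url.include?('?') ? '&' : '?'
  "#{sso_url}#{separator}redirect=#{encoded}"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample SSO URL; a real one comes from the SSO class.
  sample = 'https://help.example.com/sso/TOKEN-PLACEHOLDER/direct-sso'
  puts with_redirect(sample, 'https://partners.example.com')
end
```

Exact host matching means a lookalike host that merely contains or starts with a community name is rejected, as is any plain http target.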