Single Sign-On principles
Single Sign-On depends on a “secret” shared between you and vLex. This secret is used in order to create a link from your server to vLex that contains the following data:
- Name of user
- E-mail of user
- Account ID
- Date on which the link was created
- A “hash” parameter, calculated from these parameters and the shared secret. This allows us to validate that the user is who they claim to be and that they have already been approved by you.
When vLex receives this link, it checks its validity and that the “hash” value is correct, and if so, the following will occur:
- If there is already a user in vLex with the email address included in the link, vLex recognizes them as that user and grants direct access to vLex.
- If there is no such user, we create one automatically in our system and grant access to vLex without further ado.
What do I have to implement in my server?
You must implement a page on your server that checks that the user is correctly identified in your system and, if so, performs an HTTP redirect to the authenticated link.
How do you build the authenticated link?
vLex provides example code so that you do not have to write this yourself, but if you prefer to write your own code, you must build the link as follows:
- The URL of the link is http://vlex.com/session/remote_auth
- The link must have the following GET parameters:
- name: user’s name, for instance, John Smith
- email: user’s email
- timestamp: the instant at which the link is created, expressed as seconds since the Epoch, for instance: 1049896564
- account_id: your account ID; this information appears when activating Single Sign-On from Account
- hash: the value that we use to validate the rest of the fields, and it is computed as follows:
Remember that in order to compute a hash the order of the fields is really important.
Token is the shared secret between you and vLex. You will find this information when activating Single Sign-On from Account.
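The link construction and the receiving-side check described above, as an added example (not vLex's code, which is in the repository linked on this page). The hash function, the field order and the 300-second freshness window are assumptions made for illustration: HMAC-SHA256 stands in for vLex's actual computation, so take the real formula from vLex's example code.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlparse

ENDPOINT = "http://vlex.com/session/remote_auth"  # URL given on this page
FIELD_ORDER = ("name", "email", "account_id", "timestamp")  # ASSUMED order
MAX_AGE_SECONDS = 300  # ASSUMED freshness window, not a vLex value


def compute_hash(fields, token):
    # ASSUMPTION: HMAC-SHA256 stand-in, not vLex's actual formula.
    # Each value is length-prefixed so ("ab", "c") and ("a", "bc") differ.
    values = (str(fields[k]).encode("utf-8") for k in FIELD_ORDER)
    msg = b"".join(len(v).to_bytes(4, "big") + v for v in values)
    return hmac.new(token.encode("utf-8"), msg, hashlib.sha256).hexdigest()


def build_link(name, email, account_id, token, now=None):
    # Runs on your server once the user is authenticated locally.
    fields = {"name": name, "email": email, "account_id": account_id,
              "timestamp": int(time.time() if now is None else now)}
    fields["hash"] = compute_hash(fields, token)
    return ENDPOINT + "?" + urlencode(fields)


def verify_link(url, token, now=None):
    # Mirrors the receiving side: every field present once, fresh, hash valid.
    query = parse_qs(urlparse(url).query, keep_blank_values=True)
    if any(len(query.get(k, [])) != 1 for k in FIELD_ORDER + ("hash",)):
        return False  # missing or repeated parameter
    fields = {k: query[k][0] for k in FIELD_ORDER}
    try:
        current = int(time.time() if now is None else now)
        age = current - int(fields["timestamp"])
    except ValueError:
        return False
    if not 0 <= age <= MAX_AGE_SECONDS:
        return False  # stale or future-dated link
    expected = compute_hash(fields, token).encode("utf-8")
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected, query["hash"][0].encode("utf-8"))
```

Because the timestamp is covered by the hash, a captured link stops verifying once the freshness window has passed, and it cannot be re-dated without the token.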
Where is the example code?
The code is available at: http://github.com/vlex/remote_auth
This code shows how to build the authenticated link in several programming languages.