How do I activate Anonymous SSO integration?
Contact firstname.lastname@example.org to activate the SSO access option for your account.
Once our IT team has completed your account we will give you access to the following information:
- “Authentication Token.” This is a secret code between vLex and your organization that must be copied into the SSO code, which must be included in your website. It is important to not give any third-party access to this information. If you regenerate this code, you must also update the code on your website.
- “Account ID.” Your vLex account ID. You should copy this number into the SSO code of your website.
Now your IT team needs to copy the SSO code on your web page.
Anonymous SSO Code Page
What should you do?
You need to create a page on your private server that verifies that a user is correctly logged in and, if so, do a HTTP redirect to the authenticated link.
How do you create the link?
vLex provides a sample code so that you do not need to program it. The code is available in several programing languages (C, Phyton, Ruby, PHP, ASP, ASP.NET) and is available in the public project https://github.com/vlex/remote_auth and licensed for public domains.
However, if you would like to program it yourself, the instructions are as follows:
– The URL link should be http://vlex.com/session/remote_auth
– The link should have the following GET parameters
- name: the user’s name, for example: John Smith
- email: the user’s email
- timestamp: the time that the link is generated, represented as seconds from the Epoch, for example: 1049896564
- account_id: your account id, we will send this to you when you begin the integration process
- hash: the value that is used to validate the rest of the fields, it is computed as: hexdigest(MD5(name+email+account_id+token+timestamp))
The hash must be encrypted with the parameters indicated above, which will never be the same as it includes the timestamp. The “+” symbol represents a concatenation of sets of strings.
Keep in mind that when computing the hash, the order of the fields is relevant.
Token is the secret data shared between you and vLex. This information will also be provided to you at the beginning of this integration process.
If you have any questions, please contact us by email at email@example.com.
This post is also available in: Español