Personify provides vendors with a vendor identifier, user name, password, and initialization block, which lets them integrate SSO. When a member or customer visits a vendor website, the vendor uses SSO to identify the user, if the user is not already logged in. Vendors must send the following information to successfully process a customer login through Single Sign-On:
· Vendor identifier
· URL to which SSO should send the customer after successful authentication
Vendors pass this information to SSO using HTTP GET or HTTP POST. SSO uses the same command to return the authentication information to the vendor.
If you use HTTP GET, the query string cannot exceed 2083 characters in Internet Explorer, so the return query string could be truncated. If you use HTTP POST, the customer cannot bookmark the return URL, because the bookmarked URL alone is not recognizable when they use it to try to return to the same page.
The vendor identifier is a number that identifies the vendor to SSO. SSO uses this identifier to look up the vendor password associated with it in the SSO database, which is the key needed to decrypt the incoming Vendor Token. The Vendor Token has the following format:
{timestamp:ReturnURL}K_VendorPassword
where:
· Timestamp is in YYYYMMDDHHMMSSsss format.
· ReturnURL is the URL where the customer should be sent after authentication. This should be an absolute path, not a relative path. For example, http://www.tmaresources.com/sometext.
· K_VendorPassword is the vendor’s password to SSO. The vendor password is the key for encrypting and decrypting the Vendor Token.
When sent to SSO using HTTP GET, a valid redirect URL to SSO including the vendor identifier and the Vendor Token looks like this:
https://localhost/sso/Login.aspx?vi=1&vt=29c4588725dc100723f32e4217d339ec19045e497efc68db38c89708a214215869efdc1002165c2c37241f83432ba146fb407e2250f2a697c15eb50974b6e81f
where:
· vi is the vendor identifier
· vt is the Vendor Token
Single Sign-On encrypts the Vendor Token with the Advanced Encryption Standard (AES), that is, the Rijndael algorithm, using a 256-bit key and a 16-byte initialization block. Refer to AES Cross Platform Implementations for available implementations of this algorithm.
When a member or customer visits a vendor website and the vendor website provides a link to their association’s Personify website, SSOForce=Y must be appended to the link URL so that the Personify website recognizes the logged-in user’s SSO information.
For example: <a id="test" href="http://localhost/Personify731Current/Default.aspx?TabId=113&SSOForce=Y">Go to Product Listing</a>