Single Sign On

1. Create a json object of the users information.

Take the information that you want to pass to FeedbackRoad and put it into a JSON object.

field namedata typedefaultnotes
user_guidStringRequiredA unique identifier for the user in your system.
user_expiresTimestampnever expiresGMT expiry time of the token in format YYYY-MM-DD HH:MM:SS.Defaults to never expiring.
user_typeStringuserMust be set to either user or moderator
user_display_nameStringanonymousThe name displayed when this user creates ideas and comments.
user_emailString The email address to be used for email notifications to user.
notification_on_new_ideaBoolean1Must be 0 or 1. 0 indicates false meaning the user should not receive notification on new ideas.
notification_on_new_commentBoolean1Must be 0 or 1. 0 indicates false meaning the user should not receive notification on new comments.
notification_on_update_statusBoolean1Must be 0 or 1. 0 indicates false meaning the user should not receive notification on updated status.
notification_on_admin_messageBoolean1Must be 0 or 1. 0 indicates false meaning the user should not receive notification on new admin messages.

Example JSON
{"user_guid":1234,"user_display_name":"John Smith","user_email":"john@smith.com","user_type":"user"}

2. Create a single sign on token.

Now turn the json object into a token that can be passed to your forum.

Encrypt the JSON object you created above with AES encryption. Your feedbackroad.com subdomain is your password and your api key is the salt. The api key is available from Settings-->SSO.
Base64 encode the encrypted output to generate the token.
Escape the token to make it web-safe.

3. Pass the single sign on token to FeedbackRoad.

Next add the created token to your FeedbackRoad URL as a parameter named sso. You can append the token onto a link to your forum

Example URL

4. Secure your Token with an Expiration Date

We recommend setting the user_expires timestamp equal to the session expiration. This will ensure tthat the token does not last past the users current login time and that the token does not expire before the user has a chance to click on it. For example if the current date/time is 2011-09-12 09:00:00 and the session expires in 10 minutes the expiration date/time would be 2011-09-12 09:10:00

Example JSON
{"user_guid":1234,"user_expires":"2011-09-12 09:10:00"}

5. Login

The above works when a customer is already logged into your website and then they come to the FeedbackRoad forum. In cases where the user is not yet logged in and they try to visit the forum and you are only using SSO Login the user will be sent to your SSO Login URL to complete the login process INSTEAD of visiting the normal FeedbackRoad login page.

If your forum is setup to accept either regular or SSO login the customer will be taken to the regular login page which will have an additional link at the bottom to login from your website.

Once the user has logged in you should send them back to the forum to continue whatever they were wanting to do.

6. Logout

When a user selects to logout of the FeedbackRoad forum they can also be logged out of your site. Just enter the URL that they should be sent to in order to be logged out as your SSO Logout URL. If you do not want them to be automatically logged out of your system leave the SSO Logout URL blank.

7. Testing

For initial testing purposes we recommend using the setting for both SSO & Regular Login this will allow you to temporarily use either login while ensuring that your SSO login works. Note that admins can also always login from http://www.feedbackroad.com/login even when SSO is turned on.

collecting customer feedback
Collecting your customers feedback just became a lot easier
Feedback Collection more...

© 2011 www.FeedbackRoad.com
All Rights Reserved