Dozuki Single Sign On
Dozuki SSO allows the users of your site to be automatically signed in when they visit your Dozuki site. To make this as simple as possible, we provide a canonical implementation which you can copy and alter and may be all you need.
Terms
- Your Site: the website whose user sign-in state will be shared with your Dozuki site.
- Your Dozuki Site: the dozuki.com website that users will be automatically signed in to.
- Remote Authentication URL: the URL on your site of the page you create from below.
What You Need To Do
Pick a URL on your site for remote authentication
It can be whatever you want, but it must be accessible by all users, even those that are not signed in.
Create a page that responds to that URL
The page should follow the below logic:
- If the `register` URL parameter is set to "1", send the user to your register/signup page, and then back to your Remote Authentication URL.
- If the user is not signed in, send them to your signin page, and then back to this same URL.
- Build a URL-encoded HTTP query string of the required parameters (exclude the question mark):
  `query = "userid=2345&email=george@email.com&name=George&t=1357604345"`
- Compute the SHA1 hash of your SSO secret appended to the end of the query string. Note: the secret should NOT be sent in the query string.
  `hash = sha1(query + secret)`
- Append `&hash=abcd01234...` to the end of your query string:
  `query = query + "&hash=" + hash`
- Redirect the user to the URL http://www.dozuki.com/Guide/User/remote_login with your query string from above appended to the end:
  `url = "http://www.dozuki.com/Guide/User/remote_login?" + query`
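The procedure above carried through end to end, as an added Python example that is not Dozuki's own code: it builds the signed redirect URL and also shows how a receiving side would check it. The helper names, the secret value, and the five-minute timestamp window in the verifier are assumptions made for this example.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlencode, urlsplit

REMOTE_LOGIN_URL = "http://www.dozuki.com/Guide/User/remote_login"


def build_query(userid, email, name, t):
    """Build the URL-encoded query string, without the leading '?'.

    '@' is left unencoded only so the output matches the example on this
    page; what matters is that the string hashed is byte-identical to the
    string sent.
    """
    return urlencode([("userid", userid), ("email", email),
                      ("name", name), ("t", str(t))], safe="@")


def sign_query(query, secret):
    """Hex SHA1 of the query string with the secret appended to its end."""
    return hashlib.sha1((query + secret).encode("utf-8")).hexdigest()


def build_remote_login_url(userid, email, name, secret, t=None):
    """Produce the redirect target; the secret itself never enters the URL."""
    if t is None:
        t = int(time.time())
    query = build_query(userid, email, name, t)
    query += "&hash=" + sign_query(query, secret)  # hash is the last parameter
    return REMOTE_LOGIN_URL + "?" + query


def verify_remote_login_url(url, secret, now=None, max_age=300):
    """Check a received URL the way the receiving side would.

    The hash must be the final parameter and is recomputed over the raw query
    text that precedes it. The freshness window (max_age seconds, checked
    against t) is an assumption of this example, not a rule stated on the page.
    """
    raw_query = urlsplit(url).query
    query, sep, tail = raw_query.rpartition("&hash=")
    if not sep or "&" in tail:
        return False  # hash missing, or not the last parameter
    if not hmac.compare_digest(sign_query(query, secret), tail):
        return False  # parameters altered or wrong secret
    try:
        t = int(dict(parse_qsl(query))["t"])
    except (KeyError, ValueError):
        return False
    now = int(time.time()) if now is None else now
    return abs(now - t) <= max_age
```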
Required URL Parameters
The order is only important for the hash parameter, which MUST be the last parameter.
| Parameter | Description |
|---|---|
| userid | A string that uniquely identifies the signed in user. This can be anything that doesn't change: (id, email, username). |
| email | The user's email address. It must be valid and unique among your users. |
| name | The display name for the user. |
| t | Unix timestamp: the integer number of seconds since the Unix epoch, expressed in GMT. |
| hash | Hex representation of the SHA1 hash from above. |
Test It
The easiest way to test your implementation is to use the test form in the SSO section of the Manage page for your site.
You can also test your implementation from above by appending /test to the Dozuki URL to make it http://www.dozuki.com/Guide/User/remote_login/test. Then visit the remote authentication URL on your site. You should be redirected to your Dozuki site and see a Success message, or an explanation of the failure.
Enable SSO
After using Test mode to verify that your implementation is correct, enable SSO using the management interface and enter your Remote Authentication URL.
Anonymous Users
If a user is redirected to your remote authentication URL and they are not signed in, you will need to send them to your signin page and then redirect them back to your remote authentication URL once they've been authenticated.