Dozuki Single Sign On
Dozuki SSO allows the users of your site to be automatically signed in when they visit your Dozuki site. To make this as simple as possible, we provide a canonical implementation which you can copy and alter and may be all you need.
- Your Site
- The website who's user signin state will be shared with your Dozuki site.
- Your Dozuki Site
- The dozuki.com website that users will be automatically signed in to.
- Remote Authentication URL
- The URL on your site of the page you create from below.
What You Need To Do
Pick a URL on your site for remote authentication
It can be whatever you want, but it must be accessible by all users, even those that are not signed in.
Create a page that responds to that URL
The page should follow the below logic:
- If the register url parameter is set to "1", send the user to your register/signup page, and then back to your Remote Authentication URL.
- If the user is not signed in, send them to your signin page, and then back to this same URL.
- Build a URL encoded HTTP query string of the required parameters (exclude the question mark)
query = "email@example.com&name=George&t=1357604345"
- Compute the SHA1 hash of your SSO secret appended to the end of the query string. Note: the secret should NOT be sent in the query string.
hash = sha1(query + secret)
- Append &hash=abcd01234... to the end of your query string
query = query + "&hash=" + hash
- Redirect the user to the URL: http://www.dozuki.com/Guide/User/remote_login with your query string from above appended to the end.
url = "http://www.dozuki.com/Guide/User/remote_login?" + query
Required URL Parameters
The order is only important for the hash parameter, which MUST be the last parameter.
|userid||A string that uniquely identifies the signed in user. This can be anything that doesn't change: (id, email, username).|
|The user's email address. It must be valid and unique among your users.|
|name||The display name for the user.|
|t||Unix timestamp. The integer number of seconds since Unix EPOCH expressed in GMT.|
|hash||Hex representation of the SHA1 hash from above.|
The easiest way to test your implementation is to use the test form in the SSO section of the Manage page for your site.
You can also test your implementation from above by appending /test to the Dozuki URL to make it http://www.dozuki.com/Guide/User/remote_login/test Then visit the remote authentication URL on your site. You should be redirected to your Dozuki site and see a Success message, or an explanation of failure.
After using Test mode to verify that your implementation is correct, enable SSO using the management interface and enter your Remote Authentication URL.
If a user is redirected to your remote authentication URL and they are not signed in, you will need to send them to your signin page and then redirect them back to your remote authentication URL once they've been authenticated.