SSO (Single Sign-On)

Single sign-on (SSO) is a method of access control for multiple related but independent software systems. You may use your own SSO process to access Media Factory user accounts.

Important: Due to browser security restrictions, it is not possible to set cookies for a domain that does not match your own. In the following example, this domain will be clientsite.com and the New Spark hosted site will be newspark.clientsite.com.

As part of this setup, you must create a DNS entry (CNAME or A record) for the New Spark hosted app with your DNS provider.

http://newspark.clientsite.com would CNAME to http://your-newspark-app.url.com 

(This is typically a projects.fm URL)

SSO Diagram

Your newly created CNAME will be the end point used for all API calls to our system, and is referred to later in this documentation.

Steps

  1. The whole process begins with the user visiting your locally hosted site at www.clientsite.com. Once the user logs into your site using their credentials, it is up to your system to make one of the following two service calls to the New Spark servers to either create or validate the user, using the end point previously mentioned.
  2. users.getSessionToken - Use this call if you have stored the user's New Spark identifier locally on your system. It uses that ID, in conjunction with your API key, to retrieve a session token for this user.

    users.registerOrUpdate - Use this call if you don't plan on storing any New Spark information in your system. This call will create the user at New Spark, or update the user if they already exist, and then return a session token for you to use to authenticate the user on your New Spark hosted app.

  3. Once the New Spark system receives your request for a session token, it will create or update the user in our system and return a session token to be used to log the user into your New Spark application.
  4. Your site needs to set this session token as the value of a cookie named SABRE_ID for your domain, prefixed by a ".". Once this cookie is set, your site should forward the user to your New Spark hosted application. If all was done correctly, the user will bypass any login screen hosted by this application.
  5. PHP

        // The third argument is an absolute Unix timestamp, so add the lifetime to time().
        setcookie("SABRE_ID", "SESSION TOKEN", time() + 86400, "/", ".clientsite.com");
        header("Location: http://newspark.clientsite.com");
        exit;

    C#

     
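        HttpCookie myCookie = new HttpCookie("SABRE_ID");
        myCookie.Value = SESSIONTOKEN; // session token returned by the API call
        // Expires takes a DateTime, not a number of seconds.
        myCookie.Expires = DateTime.Now.AddSeconds(86400);
        myCookie.Domain = ".clientsite.com";
        Response.Cookies.Add(myCookie);
        Response.Redirect("http://newspark.clientsite.com");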
        

Notes:
To log a user out, you will need to delete the SABRE_ID cookie from the domains on which you set it.

Here is a basic example in PHP that retrieves a session token and logs the user in.


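    // Parameters for the users.getSessionToken service call.
    $arguments = array(
      'APIKEY' => 'YOURAPIKEYHERE',
      'method' => 'users.getSessionToken',
      'vhost' => '1',
      'userId' => 123456
    );
    $path = 'http://newspark.clientsite.com/services/json';
    $url = $path . '?' . http_build_query($arguments, '', '&');

    // Call the service and decode the JSON response.
    $data = file_get_contents($url);
    $data = ($data === false) ? null : json_decode($data);

    // Only set the cookie and redirect when a session token came back.
    if (!is_object($data) || empty($data->result)) {
        http_response_code(502);
        exit('Could not retrieve a session token.');
    }
    // Path "/" so the cookie is sent for every URL under the shared domain.
    setcookie("SABRE_ID", $data->result, time() + 3600, "/", ".clientsite.com");
    header("Location: http://newspark.clientsite.com/");
    exit;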
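
The logout note above, as an added example that is not New Spark's own code: login and logout share one set of cookie attributes, because a browser only removes a cookie when the deleting Set-Cookie header carries the same name, domain and path as the one that set it. The function and constant names are hypothetical, and the httponly setting assumes the hosted app reads the cookie server-side.

```php
<?php
// Added example. Cookie name and host names are the ones used on this page;
// the constant and function names are hypothetical.
const SSO_COOKIE  = 'SABRE_ID';
const SSO_DOMAIN  = '.clientsite.com';
const SSO_APP_URL = 'http://newspark.clientsite.com/';

// Single source of truth for the cookie attributes, used for both setting
// and deleting, so the two Set-Cookie headers always match.
function sso_cookie_options(int $expires): array
{
    return [
        'expires'  => $expires,   // absolute Unix timestamp
        'path'     => '/',
        'domain'   => SSO_DOMAIN,
        // Assumption: the hosted app reads the cookie server-side, so page
        // scripts do not need access to the session token.
        'httponly' => true,
    ];
}

// Log in: store the session token returned by the API and hand the user over.
function sso_login(string $token, int $lifetime = 3600): void
{
    if ($token === '') {
        throw new InvalidArgumentException('Empty session token');
    }
    setcookie(SSO_COOKIE, $token, sso_cookie_options(time() + $lifetime));
    header('Location: ' . SSO_APP_URL);
    exit;
}

// Log out: overwrite the cookie with an empty value and an expiry in the past,
// using the same domain and path it was set with.
function sso_logout(): void
{
    setcookie(SSO_COOKIE, '', sso_cookie_options(time() - 3600));
    unset($_COOKIE[SSO_COOKIE]); // also drop it from the current request
}
```

The array form of setcookie() used here requires PHP 7.3 or later.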
