Configuring mySupport Authentication Applications

Configuring Single Sign On Integrations

Use the Options and Tools | Integrate | Authentication Applications screen to configure a third-party application (for example, a customer portal) to link to a mySupport portal’s login page and pass the credentials of the third-party application and user in a query string. In the fields on this screen, enter a descriptive name and select the value to be passed from the third-party application to authenticate. If the passed value will be hashed, enable cryptographic hash, select the hash algorithm type, and enter the expiration duration in minutes.

Authentication Application

Once saved, the record will have an Application Identifier (and a Private Key if Use Cryptographic Hash was set to Yes).

Authentication Application

Configure the third party application to:

Application Identifier -  “appId”

Authentication Type:

o   Customer ID - “login”

o   Login - “login”

o   Secondary Login - “login”

o   Synchronization Key - “login”

o   Customer Email, First, and Last Name - “fname”, “lname”, “email”

If cryptographic hash is enabled, the following query string parameters are required:

Complete date plus hours, minutes and seconds: YYYY-MM-DDThh:mm:ssTZD (e.g. 2012-02-16T19:20:30Z)

DateTime.UtcNow.ToString("yyyy-MM-ddTHH:mm:ssZ")

Example of the value to be MD5 hashed:

 

When the mySupport portal authenticates, the Authentication Application record for the “appid” parameter will be retrieved.

The user record will be retrieved by the “login” or by the “fname”, “lname”,  and “email” parameter(s) based on the Authentication Type settings.

If cryptographic hash is enabled, the time stamp query string value will be checked to ensure that less time has passed than the Hash Expiration Duration specified in the record. Then the private key from the record, time stamp, and user values from the query string will be MD5 or SHA1 hashed and compared to the hash from the query string. If the time stamp is older than the Hash Expiration Time, the hash does not match, or required query string values are not provided, the user will be redirected to the login page.

Examples:

Application Name = Internal Customer Portal A

Authentication Type = Login

Use Cryptographic Hash = No

Application Identifier = 1

Link = http://example.com/user/account/applicationlogin?appid=1&login=dgreen

 

Application Name = internal Customer Portal B

Authentication Type = First, and Last Name, Email

Use Cryptographic Hash = No

Application Identifier = 2

Link = http://example.com/user/account/applicationlogin?appid=2&fname=dan&lname=green&[email protected]

 

Application Name = External Customer Portal C

Authentication Type = Customer ID

Use Cryptographic Hash = Yes

Hash Expiration Time = 1 min

Application Identifier = 3

Private Key = 416ec4c1-4349-4d69-9795-17df0e22538b

Link = http://example.com/user/account/applicationlogin?appid=3&login=dgreen&timestamp=2012-02-16T19%3A20%3A30Z&hash=2488336E2973627D7BC36CE5F5CE7CAC

 

An optional “returnUrl” query string parameter can be specified to redirect the user to a specific page within the mySupport portal.

Link = http://example.com/user/account/applicationlogin?appid=3&login=dgreen&timestamp=2012-02-16T19%3A20%3A30Z&hash=2488336E2973627D7BC36CE5F5CE7CAC&returnUrl=%2fUser%2fIncidents%2f

 

Example of logic to generate the hash:

C# Hash Logic:

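using System;
using System.Security.Cryptography;
using System.Text;

// value: the string to be hashed (private key, time stamp, and user values)
byte[] asciiBytes = Encoding.ASCII.GetBytes(value);
byte[] hashedBytes = MD5CryptoServiceProvider.Create().ComputeHash(asciiBytes);
// Hex-encode the digest without separators, in lower case
string hashedString = BitConverter.ToString(hashedBytes).Replace("-", "").ToLower();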
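The hashed-link flow described above, from building the link in the third-party application to the portal-side time stamp and hash checks, as an added example that is not the product's own code. It assumes .NET 5 or later and that the hashed value is the private key, time stamp, and login concatenated in that order, which the page does not specify; `AppLoginLink`, `Build`, and `Verify` are hypothetical names, and the comparison accepts the hash in either letter case.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

static class AppLoginLink   // hypothetical helper, not part of the product
{
    const string TsFormat = "yyyy-MM-dd'T'HH:mm:ss'Z'";
    // ASSUMPTION: hashed value = private key + time stamp + login, concatenated in that
    // order. The page names these inputs but not their order; confirm before relying on it.
    static string Hash(string privateKey, string ts, string login) =>
        BitConverter.ToString(MD5.HashData(Encoding.ASCII.GetBytes(privateKey + ts + login)))
            .Replace("-", "").ToLower();

    // Third-party application side: build the link with URL-encoded parameter values.
    public static string Build(string baseUrl, int appId, string privateKey, string login, DateTime utcNow)
    {
        string ts = utcNow.ToString(TsFormat, CultureInfo.InvariantCulture);
        return baseUrl + "?appid=" + appId + "&login=" + Uri.EscapeDataString(login)
            + "&timestamp=" + Uri.EscapeDataString(ts) + "&hash=" + Hash(privateKey, ts, login);
    }

    // Portal-side check as the page describes it: required values, fresh time stamp, matching hash.
    public static bool Verify(string privateKey, string login, string ts, string hash,
                              TimeSpan maxAge, DateTime utcNow)
    {
        if (login == null || ts == null || hash == null) return false;
        if (!DateTime.TryParseExact(ts, TsFormat, CultureInfo.InvariantCulture,
                DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal, out DateTime sent))
            return false;
        TimeSpan age = utcNow - sent;
        if (age < TimeSpan.Zero || age > maxAge) return false; // future-dated stamps rejected too (added check)
        byte[] expected = Encoding.ASCII.GetBytes(Hash(privateKey, ts, login));
        return CryptographicOperations.FixedTimeEquals(expected, Encoding.ASCII.GetBytes(hash.ToLowerInvariant()));
    }

    static void Main()
    {
        // Key, login and appid are the page's "External Customer Portal C" values; the clock is constructed.
        const string key = "416ec4c1-4349-4d69-9795-17df0e22538b", ts = "2012-02-16T19:20:30Z";
        var t0 = new DateTime(2012, 2, 16, 19, 20, 30, DateTimeKind.Utc);
        string link = Build("http://example.com/user/account/applicationlogin", 3, key, "dgreen", t0);
        string hash = link.Substring(link.Length - 32);   // MD5 hex digest is the last 32 characters
        Console.WriteLine(link);
        Console.WriteLine(Verify(key, "dgreen", ts, hash, TimeSpan.FromMinutes(1), t0.AddSeconds(30))); // within 1 min
        Console.WriteLine(Verify(key, "dgreen", ts, hash, TimeSpan.FromMinutes(1), t0.AddSeconds(90))); // past expiration
        Console.WriteLine(Verify(key, "jsmith", ts, hash, TimeSpan.FromMinutes(1), t0.AddSeconds(30))); // login altered
    }
}
```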