Single Sign On Authentication
Overview
This document provides technical specifications for authenticating profiles via the Membes Single Sign On (SSO).
Enable SSO
The customer can request that SSO be enabled by logging a ticket in the Help Desk.
Via login from third party software
Use this process for a link from third party software to a login form where the user is authenticated with both Membes and the third party software.
Prerequisites
Client ID: referred to as [[client_id]] in this document. This is provided FROM Membes.
Callback URL: referred to as {{callback_url}} in this document. Provided TO Membes via the Helpdesk.
SSO Process
Direct user to SSO form (login form)
https://{{customer_website_url}}/member/oauthlogin/?redirect_uri=http://{{callbackurl}}&client_id=[[client_id]]&state=[optional_internal_state]
This call will display the login form in the user's browser.
On login by the user via the SSO form
User is authenticated with Membes AMS.
User is redirected to {{callback_url}}.
The callback to {{callback_url}} will contain the following parameters:
&state=[optional_internal_state] (passed through from step 1)
&profileID=[profile_id_of_authenticated_user]
&email=[primary_email_address_of_authenticated_user]
&status_id=[membership_status_of_authenticated_user] (0 = No, 1 = Active Member, 2 = Inactive Member)
Although the Membes API is not a prerequisite for the Membes SSO, the Membes API could be used from this point to retrieve or update profile details.
User Logout
To log a user out from their session in Membes:
https://{{customer_website_url}}/member/oauthlogout
Response:
{ status: true }
Access third party software via link on website
Use this process if you want to provide a link to the third party software from a user already logged into their Membes website.
Prerequisites
Membes API
See Membes API
Creating the Link in website
Log in to Membes admin > CMS.
Navigate to the page that you want to place the link to the 3rd party software in.
Make sure the page is set to requires login, as the user must be logged in for the Authenticated URL to be generated.
In the href parameter of the link, place the following shortcode:
[code]Application.util.authLink("www.yoursite.com")[/code]
This shortcode, when rendered, will generate a URL containing a JWT as a URL parameter called “membes_token”.
e.g. https://www.yoursite.com/?membes_token=[jwttoken]
When the logged-in user clicks the generated link, they will be sent to “https://www.yoursite.com” with the token appended to the URL.
Validating the Token
When you receive a request to http://{{customer_website_url}} with membes_token in the URL, validate the token via the Membes API at [membesapiurl].
Send the token to the Membes API (v2): GET https://[membesapiurl]/api/token/validate/[jwttoken]
The response will be in JSON format:
{
  valid: true|false,
  data: {
    id: [membes PK],
    profileNumber: [profileNumber],
    firstName: [first name],
    surname: [surname],
    email: [primary email address],
    membershipType: [membership type as string],
    membershipTypeID: [membership type as ID],
    membershipStatus: [membership status as string (--, Active, Inactive) ],
    membershipStatusID: [membership status as ID],
  }
}
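One way a third-party site could implement the validation step above, added here as an example (not Membes' own code). It assumes the API returns strict JSON with the fields listed above; `membes-api.example` stands in for [membesapiurl], and `extract_token`, `validate_membes_token`, `http_get`, `require_active` and `MAX_TOKEN_LEN` are hypothetical names.

```python
import json
import re
from urllib.parse import parse_qs, quote, urlsplit

# Placeholder standing in for [membesapiurl]; not a real Membes host.
MEMBES_API_HOST = "membes-api.example"
# Compact JWT form: three base64url segments separated by dots.
JWT_SHAPE = re.compile(r"[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")
MAX_TOKEN_LEN = 4096  # assumed upper bound, not a Membes-documented limit


def extract_token(request_url):
    """Return the membes_token query parameter, or None if unusable."""
    values = parse_qs(urlsplit(request_url).query).get("membes_token", [])
    # A missing, repeated, oversized or non-JWT-shaped value is rejected
    # before it is ever placed into the API request path.
    if len(values) != 1 or len(values[0]) > MAX_TOKEN_LEN:
        return None
    return values[0] if JWT_SHAPE.fullmatch(values[0]) else None


def validate_membes_token(request_url, http_get, require_active=True):
    """Return the profile `data` dict for a validated token, else None.

    http_get(url) -> body text is a caller-supplied (hypothetical) hook, so
    TLS verification, timeouts and any API credentials are set up there.
    """
    token = extract_token(request_url)
    if token is None:
        return None
    url = f"https://{MEMBES_API_HOST}/api/token/validate/{quote(token, safe='')}"
    try:
        body = json.loads(http_get(url))
    except (OSError, ValueError, TypeError):
        return None  # network failure or non-JSON body: fail closed
    # Only a literal JSON true counts; "true", 1 or a missing key do not.
    if not isinstance(body, dict) or body.get("valid") is not True:
        return None
    data = body.get("data")
    if not isinstance(data, dict):
        return None
    active = data.get("membershipStatus") == "Active"
    return data if active or not require_active else None


if __name__ == "__main__":
    # Constructed response and token, for demonstration only.
    fake = lambda url: '{"valid": true, "data": {"id": 1, "membershipStatus": "Active"}}'
    print(validate_membes_token("https://www.yoursite.com/?membes_token=aaa.bbb.ccc", fake))
```

Create the local session only from the returned `data`, then redirect to a URL without `membes_token` so the token does not linger in browser history or Referer headers.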