/
Single Sign On Authentication

Single Sign On Authentication

Owned by Membes Support
Last updated: Nov 08, 2023
2 min read

Overview

This document provides technical specifications for authenticating profiles via the membes Single Sign On (SSO).

Enable SSO

The customer can request SSO be enabled by logging a ticket in the Help Desk

Via login from third party software

Use this process for a link from third party software to a login form where user is authenticated with both membes and third party software.

Prerequisites

  • Client ID

    • referred to as [[client_id]] in this document.

    • This is provided FROM Membes

  • Callback URL

    • referred to as {{callback_url}} in this document.

    • Provided TO Membes via the Helpdesk.

SSO Process

  1. Direct user to SSO form (login form)

    1. https://{{customer_website_url}}/member/oauthlogin/?redirect_uri=http://{{callbackurl}}&client_id=[[client_id]]&state=[optional_internal_state]

    2. This call will display login form in the users browser

  2. On login by the user via the SSO form

    1. User is authenticated with Membes AMS.

    2. User is redirected to {{callback_url}}.

  3. The callback to {{callback_url}} will contain the following parameters

    1. &state=[optional_internal_state] (passed through from step 1)

    2. &profileID=[profile_id_of_authenticated_user]

    3. &email=[primary_email_address_of_autenticated_user]

    4. &status_id=[membership_status_of_autenticated_user] (0 = No, 1 = Active Member, 2 = Inactive Member)

 

Although the Membes API is not a prerequisite for the Membes SSO, the Membes API could be used from this point to retrieve or update profile details.

User Logout

To log a user out from their session in Membes:

  1. https://{{customer_website_url}}/member/oauthlogout

  2. Response: { status: true }

Access third party software via link on website

Use this process if you want to provide a link to the third party software from a user already logged into their Membes website.

Prerequisites

  1. Membes API

    1. See Membes API

Creating the Link in website

  1. Login to Membes admin > CMS.

  2. Navigate to the page that you want to place the link to the 3rd party software in.

  3. Make sure the page is set to requires login, as the user must be logged in for the Authenticated URL to be generated.

  4. In the href parameter of the link, place the following shortcode:

    [code]Application.util.authLink("www.yoursite.com")[/code]

This shortcode, when rendered, will generate a url containing a JWT Token as a url parameter called “membes_token”.

e.g. https://www.yoursite.com/?membes_token=[jwttoken]

When the logged in user clicks the generated link they will be sent to “https://www.yoursite.com” with the token appended to the URL.

Validating the Token

When you receive a request to http://{{customer_website_url}} with membes_token in the URL, you then validate this token via the Membes API at [membesapiurl].

  1. Send token to (membes API v2 ): GET https://[membesapiurl]/api/token/validate/[jwttoken]

  2. Response will be JSON format:

{ valid: true|false, data: { id: [membes PK], profileNumber: [profileNumber], firstName: [first name], surname: [surname], email: [primary email address], membershipType: [membership type as string], membershipTypeID: [membership type as ID], membershipStatus: [membership status as string (--, Active, Inactive) ], membershipStatusID: [membership status as ID], } }

 

Related content

Membes API v2
Membes API v2
Membes Developer Documentation
More like this
Content categories
Content categories
Membes User Guide
Read with this
Membes API
Membes API
Membes User Guide
More like this
Webcastcloud
Webcastcloud
Membes User Guide
More like this
Membes API v1
Membes API v1
Membes Developer Documentation
More like this
2022 Release notes
2022 Release notes
Membes User Guide
More like this