SSO jsConnect + embedded - struggeling
Hey guys,
so I tried to set up sso with jsConnect-plugin in embedded mode. Testing the connection is a success but when I press the button "log in with username" (so that's the sign at least recognition of active session works) it says "invalid signature". I don't get why it fails. Could someone have a look at my code? I built it up using the official documentation with part 1 and 2.
So first some information:
- website is http://www.example.org
- forum is at http://www.example.org/vanilla
- forum is forced to be at http://forum.example.org to avoid safari bug
- official url (modrewrite) where embed code is included is http://www.example.org/forum
Embed-Code
vanilla_identifier is empty because when I set a value it only shows comment box. Without whole forum is shown. Don't know what is supposed to be typed in there and why this behaviour occurs.
<div id="mainC"> <div class="container"> <div id="vanilla-comments"></div> <script type="text/javascript"> /*** Required Settings: Edit BEFORE pasting into your web page ***/ var vanilla_forum_url = 'http://forum.example.org'; // The full http url & path to your vanilla forum var vanilla_identifier = ''; // Your unique identifier for the content being commented on var vanilla_sso = '$sso'; // Your SSO string. /*** DON'T EDIT BELOW THIS LINE ***/ (function() { var vanilla = document.createElement('script'); vanilla.type = 'text/javascript'; var timestamp = new Date().getTime(); vanilla.src = vanilla_forum_url + '/js/embed.js'; (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(vanilla); })(); </script> </div> </div>
sso-generation script (shortened), calls the html code above after completion, so $sso is avaiable for the html-template
$my = $myObj->userData; define('CLIENTID','***censored***'); // shared (public) client id, set in vanilla define('SECRET','***censored***'); // shared (not public) secret, set in vanilla function getStr2Hex($sString) { $sHex = ''; for ($i=0; $i < strlen($sString); $i++) { $sHex .= dechex(ord($sString[$i])); } return $sHex; } if($my['loggedin']===true) { $user = array('email'=>$my['email'],'name'=>$my['name'],'photourl'=>'','uniqueid'=>$my['id'],'client_id'=>CLIENTID); //"roles": "member,administrator", // OPTIONAL. You can configure jsconnect to synchronise roles $userJson = json_encode($user); $userBase64 = base64_encode($userJson); $signatureString = getStr2Hex($userBase64); $timestamp = time(); $signature = hash_hmac('sha1',$signatureString.' '.$timestamp,SECRET); $sso = $signatureString.' '.$signature.' '.$timestamp.' hmacsha1'; }
So any idea why I get "invalid signature"? If you ask me I programmed it exactly as it is explained in the documentation.
Comments
Welcome to the community!
Where is the documentation you are looking at?
Search first
Check out the Documentation! We are always looking for new content and pull requests.
Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.
Part 1: http://blog.vanillaforums.com/jsconnect-technical-documentation/
Part 2: http://blog.vanillaforums.com/jsconnect-technical-documentation-for-embedded-sso/
Vanilla offers libraries for PHP, Ruby, Java, and .NET (source). Since you are using PHP, you should use the jsConnectPHP library available here: https://github.com/vanilla/jsConnectPHP
There is a sample usage in the
index.php
file.EDIT - I just realized it says these libraries don't support embedded SSO. Have you already tried the PHP library?
Search first
Check out the Documentation! We are always looking for new content and pull requests.
Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.
I tried it yesterday and came to the same conclusion - didn't work for the case sso+embedded. I thought the documentation would solve every problem but for some reason it won't work properly. In testmode (JsConnect-Plugin -> test mode) everything is fine. I think my setup is right but for some reason the signature is not accepted. I checked it 3 times, 4 times, 5 times...I don't know whats wrong with my script.
So finally I made it now. Main reason was my fault - email was not avaiable in the $my object. I had to call a special method to load additional information - email included.
I think it's very useful for others to know that a missing element of the user array will result in signature errors.
As I searched for examples and solutions I came along this: http://vanillaforums.org/discussion/26436/implementing-sso-using-jsconnect-1-4-1-with-vanilla-2-0-18-10-part-i
I tried using as suggested:
JsSSOString($user,CLIENTID,SECRET);
Didn't do anything so I tried
$sso = JsSSOString($user,CLIENTID,SECRET);
Made it for me. So there is in fact a function to generate the SSO string for embedded forums. Hope this helps someone.
Thanks for helping me anyways!
Nice job getting it working!
Thanks for posting back with your solution.
Search first
Check out the Documentation! We are always looking for new content and pull requests.
Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.
Strange...I made a fresh installation with the newest package (security fix), set up JSConnect and embedded mode, changes client-id and secret but it's broken now...
Well, I think I crashed it without knowing why. More grey hair growing now...
Works again, Vanilla had a problem signing me in since e-mail of installation admin account and my own backend account were the same. As I tried to sign in manually I was offered to connect the accounts which I did and now it's working again as supposed.