Presentation SSO Integration Guide V1.3

MANAGE QUALIFICATION IN A SINGLE SYSTEM

CRME® 3.0
SSO Integration Guide
AS OF 10.03.2016

IM|S INTELLIGENT MEDIA SYSTEMS AG

Authentication Workflow
netTrainment 3.0

1. User clicks on link to be redirected to CRME
2. A request to CRME is sent to check if the user already exists.
3. If the User Exists a Session Token is generated and returned.
4. If not, a new user has to be created.
5. The Server redirects the users to the CRME, using the Token and Public Key
6. The user is silently logged in as a CRME User

Diagram label: Application Context

Security Overview

Diagram: CRME Server, User's Browser (Public Key), External Provider Server

- Public Key: a public key will be used for redirects.
- Private Key: a private key that should be used only for Server to Server communication.
- IP Security: Each Private API Key is associated with a set of IP Addresses and usage is allowed only from those specific IP Addresses
- Only HTTPS encryption is allowed

Authenticating and Authorizing

- To authenticate the requests to CRME you have to set the Private Key as the Authorization Bearer token in each request.
- Example authentication header:
  Authorization: Bearer mF_9.B5f-4.1JqM
- The Private Key can only be used for the API requests.

API Interface

/api/v1/auth
- GET: checks for existing user by identifier
- POST: create a new user
- PUT: update an existing user

Usage Examples:
- GET: {url}/api/v1/auth/9nU2W01dJK
- PUT: {url}/api/v1/auth
  { "Identifier": "9nU2W01dJK", "FirstName": "John", "LastName": "Doe", "Email": "john@doe.org" … }

API Errors

If the request fails, the response will have a status of 400 Bad Request and will have contents as follows:

Parameter    Description
BODY DATA    A JSON object with the following properties:
             error: (string) An error code.
             error_description: (string) A more detailed description of the error intended for the developer of your app.

For example, you might receive the following data in the response body after a failed request:
{ "error" : "invalid_request", "error_description" : "One or more parameters are missing: client_secret" }

User Model

The following JSON object will be used for the API requests:

Name                Datatype   Required  Description/Restrictions
Identifier          String     X         Unique Identifier to identify the user account in the external provider. Max 256 chars
UserName            String     X         Max 256 chars
Email               String     X         Max 256 chars
IsNonUniqueEmail    Bool       X         Boolean with true / false (default is false)
FirstName           String     X         Max 100 chars
LastName            String     X         Max 100 chars
CountryCode         String     X         Country two letter ISO Code e.g. GB
LanguageCode        String     X         Region ISO Code e.g. en-GB
ActivationCode      String               Max 200 chars
AuthorizationToken  String               Max 256 chars (will be provided by CRME)
Expiration          Timestamp            e.g. 1448046245 (will be provided by CRME)

All required fields are marked with an X within the table above.
All chars are unicode.

GET /api/{version}/auth

Method/Request: GET /api/v1/auth/{id}
Summary:        Get existing user by identifier

Parameters
Name        Type    Located In  Description                    Required
Identifier  String  URL         Unique Identifier of the User  Yes

Response
Http Response Code  Description
200                 Successful, returns a User Model object with the authorization token and expiration timestamp
400                 Invalid data
404                 User not found

PUT /api/{version}/auth/{id}

Method/Request: POST /api/v1/auth/{id}
Summary:        Create a new User with identifier {id}

Parameters
Name  Type        Located In  Description                   Required
User  User Model  Body        The user model to be created  Yes

Response
Http Response Code  Description
200                 Successful, returns a User Model object
400                 Invalid data

POST /api/{version}/auth/{id}

Method/Request: PUT /api/v1/auth/{id}
Summary:        Update an existing User with identifier {id}

Parameters
Name        Type        Located In  Description                                Required
Identifier  String      URL         Unique Identifier of the User              Yes
User        User Model  Body        The user model with the updated properties Yes

Response
Http Response Code  Description
200                 Successful, returns a User Model object
400                 Invalid data

SSO Workflow

- The External Provider requests to sign in a user to the CRME by using the GET request.
  - In case the requested user does not exist, a new user is created by using the PUT request.
- If the request is successful, the response will deliver a user model with the Authorization Token and Expiration Timestamp for this user.
- The user can then be redirected to CRME by using the Public Key and Authorization Token.

Redirection to CRME via [GET]

After the AuthorizationToken has been delivered to the External Provider, it is used to sign in the user to the CRME via GET:

Redirection URL:
https://crme.com/api/oauth2/Authenticate?PublicKey={PublicKey}&Token={AuthorizationToken}&ReturnUrl={URL}

Required request data:
- Public Key is used to identify the External Provider
- AuthorizationToken of the specific user
- ReturnUrl to the target website

This will work only if the Authorization Token has not expired.

If the token has expired, a redirection back to the External Authentication Provider will occur and a failed status result will be returned. It is recommended to store the AuthorizationToken and Expiration in order to refresh it when necessary.

To refresh an AuthorizationToken, another GET request has to be made; the new token is then provided within the User Model.
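
Added example (not part of the original guide and not IM|S code): a server-side sketch of the workflow above for the External Provider, covering lookup, creation on 404, token caching with expiry check, and a URL-encoded redirect. Assumptions: the host crme.example, the 60-second refresh margin, the injected send() transport and all function names are hypothetical; creation uses POST on /api/v1/auth/{id} as listed under API Interface, while the SSO Workflow slide names PUT for this step, so confirm the method against your CRME instance.

```javascript
// Added example: External Provider server-side helper (Node.js 18+).
// Assumptions: CRME_BASE, SKEW_SECONDS and send() are placeholders, not CRME names.
const CRME_BASE = "https://crme.example"; // placeholder host, HTTPS only
const SKEW_SECONDS = 60;                  // refresh slightly before expiry (assumption)

// Server-to-server request. The Private Key appears only in this Authorization
// header and is never placed in anything that is sent to the user's browser.
function apiRequest(method, identifier, privateKey, body) {
  const req = {
    method,
    url: `${CRME_BASE}/api/v1/auth/${encodeURIComponent(identifier)}`,
    headers: { Authorization: `Bearer ${privateKey}` },
  };
  if (body) {
    req.headers["Content-Type"] = "application/json";
    req.body = JSON.stringify(body);
  }
  return req;
}

// Expiration is a Unix timestamp in seconds, e.g. 1448046245.
function tokenIsFresh(user, nowSeconds) {
  return Boolean(user && user.AuthorizationToken) &&
    Number(user.Expiration) - SKEW_SECONDS > nowSeconds;
}

// GET the user, create it on 404, and return a User Model with a usable token.
// send(req) is the HTTPS transport and resolves to { status, json }.
async function ensureToken(send, privateKey, profile, cache, nowSeconds) {
  const id = profile.Identifier;
  if (tokenIsFresh(cache.get(id), nowSeconds)) return cache.get(id);
  let res = await send(apiRequest("GET", id, privateKey));
  if (res.status === 404) {
    const created = await send(apiRequest("POST", id, privateKey, profile));
    if (created.status !== 200) throw new Error(`create failed: ${created.json?.error}`);
    res = await send(apiRequest("GET", id, privateKey)); // fetch token for the new user
  }
  if (res.status !== 200) throw new Error(`lookup failed: ${res.status}`);
  if (!tokenIsFresh(res.json, nowSeconds)) throw new Error("CRME returned an expired token");
  cache.set(id, res.json);
  return res.json;
}

// Browser-facing redirect: only the Public Key and the per-user token appear.
function buildRedirectUrl(publicKey, token, returnUrl) {
  const u = new URL("/api/oauth2/Authenticate", CRME_BASE);
  u.search = new URLSearchParams({ PublicKey: publicKey, Token: token, ReturnUrl: returnUrl }).toString();
  return u.toString();
}
```

With the GET variant the AuthorizationToken is part of the URL and therefore ends up in browser history and web server logs; the POST variant keeps it in the request body.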


Redirection to CRME via [POST]

After the AuthorizationToken has been delivered to the External Provider, it is used to sign in the user to the CRME via POST:

Redirection URL: https://crme.com/api/oauth2/Authenticate

Required request data:
- Public Key is used to identify the External Provider
- AuthorizationToken of the specific user
- ReturnUrl to the target website

This will work only if the Authorization Token has not expired.

Sample script to submit a redirection request via POST:

    // Builds a hidden form from params and submits it to path (POST by default).
    function jspost(path, params, method) {
        method = method || "post";
        var form = document.createElement("form");
        form.setAttribute("method", method);
        form.setAttribute("action", path);
        for (var key in params) {
            // Only copy the object's own properties, not inherited ones.
            if (Object.prototype.hasOwnProperty.call(params, key)) {
                var hiddenField = document.createElement("input");
                hiddenField.setAttribute("type", "hidden");
                hiddenField.setAttribute("name", key);
                hiddenField.setAttribute("value", params[key]);
                form.appendChild(hiddenField);
            }
        }
        // The form must be attached to the document before it can be submitted.
        document.body.appendChild(form);
        form.submit();
    }


Source Exif Data:
File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.5
Linearized                      : No
Page Count                      : 13
Language                        : de-DE
Tagged PDF                      : Yes
Title                           : PowerPoint-Präsentation
Author                          : ngroetzbach
Create Date                     : 2016:03:10 18:03:42+01:00
Modify Date                     : 2016:03:10 18:03:42+01:00
Producer                        : Microsoft® PowerPoint® 2010
Creator                         : Microsoft® PowerPoint® 2010