SSO Redirect

Provides the ability for users logged in to www.ontariosoilcrop.org to switch to the operations website without having to log in again.

Contents

Linking User

Redirecting to Workshops

Unlinking User

OP.Net Additional Configuration

Linking User

In order to link users between the two sites, they must verify their credentials. This is done by calling a new method in operations that checks whether the username and password are valid and returns an appropriate message.

Request:

Endpoint: <Operations_URL>/SSO/LinkUser

Method: POST

Parameters:

  1. username
  2. password
  3. access_token
  4. cookie_value

Response:

{
  Code: <response code>
  Description: <response description>
}

Code:

  1. – User credentials are valid
  2. – Account is Locked
  3. – Account not confirmed yet
  4. – Invalid username and/or password
  5. – OPLinked (OP Account is already linked to another OSC Account)
  6. – OSCLinked (OSC account is already linked to another OP Account)

Description – short text description of the response

Redirecting to Workshops

Once the users have been authenticated, they may be redirected to the operations workshops. This is achieved by sending a redirect request.

Request:

Endpoint: <Operations_URL>/SSO/Workshops?access_token=<token>&cookie_name=<session cookie name>&cookie_value=<session cookie value>&language_code=<language>

Parameters:

  • access_token – Auth token from WordPress’ Auth server
  • cookie_name – name of the authentication cookie created by WordPress (should start with “wordpress_logged_in_################################”)
  • cookie_value – the value of the authentication cookie
  • language_code – preferred language (fr-CA/en-CA)
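
The parameter rules above can be checked before the token is introspected, and the two credential-bearing values (access_token, cookie_value) can be kept out of request logs. The following Python code is an added example, not code from the Operations or WordPress sites. It assumes the parameters arrive as a standard query string and that each "#" in the cookie-name placeholder is one lowercase hex digit; the function names, host, token and cookie values are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumption: each "#" in the documented placeholder is one lowercase hex digit.
COOKIE_NAME_RE = re.compile(r"wordpress_logged_in_[0-9a-f]{32}")
LANGUAGES = {"fr-CA", "en-CA"}                     # values listed in this document
REQUIRED = ("access_token", "cookie_name", "cookie_value", "language_code")
SECRET_PARAMS = {"access_token", "cookie_value"}   # must never reach a log line


def check_workshops_query(url):
    """Return a list of problems with a /SSO/Workshops request URL (empty = OK)."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    names = [k for k, _ in pairs]
    params = dict(pairs)
    problems = [f"missing {p}" for p in REQUIRED if not params.get(p)]
    # A repeated parameter can make two components disagree on which value wins.
    problems += [f"duplicate {p}" for p in REQUIRED if names.count(p) > 1]
    name = params.get("cookie_name")
    if name and not COOKIE_NAME_RE.fullmatch(name):
        problems.append("cookie_name is not a WordPress logged-in cookie name")
    lang = params.get("language_code")
    if lang and lang not in LANGUAGES:
        problems.append("unsupported language_code")
    return problems


def redact_for_log(url):
    """Replace credential-bearing query values so the URL is safe to log."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k in SECRET_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


# Constructed sample request (host, token and cookie values are made up).
SAMPLE = ("https://operations.example/SSO/Workshops?access_token=tok-abc123"
          "&cookie_name=wordpress_logged_in_" + "0123456789abcdef" * 2 +
          "&cookie_value=alice%7C1700000000%7Cdeadbeef&language_code=fr-CA")

if __name__ == "__main__":
    print(check_workshops_query(SAMPLE))
    print(redact_for_log(SAMPLE))
```

Passing these checks only filters malformed requests; the token and cookie still have to be validated against the WordPress site before the user is treated as authenticated.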

Unlinking User

When an OSC user wishes to remove the link between OSC and OP.net, either to remove it outright or to relink it to another account, the unlink endpoint is available to remove the association.

Currently, Unlink User looks up the user and removes the LinkedId from the rtPublicUser table.

Request:

Endpoint: <Operations_URL>/SSO/UnlinkUser

Method: POST, form-urlencoded

Parameters:

  1. access_token
  2. cookie_name
  3. cookie_value

Response:

{
  Code: <response code>
  Description: <response description>
}

Code:

  1. – User credentials are valid
  2. – Account is Locked
  3. – Account not confirmed yet
  4. – Invalid username and/or password or account is linked to a different user
  5. – OPLinked (OP Account is already linked to another OSC Account)
  6. – OSCLinked (OSC account is already linked to another OP Account)

Description – short text description of the response

OP.Net Additional Configuration

The following entries need to be added to the Web.config file.

  • OAuthDomain – Address of the WordPress site for OSC
  • OAuthIntrospectionURL – Address of the token introspection URL of the WordPress identity server
  • WPAuthURL – URL on the WordPress site that can only be accessed by a logged-in user (used for validating the auth cookie)