howto How to connect multiple KVS sites with Single Sign On login feature

[Tech Support]

Signle Sign On (SSO) login feature is designed to provide easy integration of members from one site, either KVS or 3rd-party engine, into another KVS site. SSO requires user to have an active profile on original site and being logged in there. Then it is possible to render a special encrypted link from source site to KVS site and by clicking this link user will be automatically logged in to KVS site without need to register, or enter their credentials. So users will not even notice that they are being logged in to another site behind the scene. KVS will automatically create user's account in KVS database using some information provided in the encrypted link.

Here are most common scenarios for using SSO in your projects:

1) You have a forum or any other site and you want to allow your forum users to upload videos into KVS, which could be installed somewhere in videos.domain.com subdomain. With very few lines of code on your forum's end you can link your forum pages to KVS upload page or KVS profile page without any other integration effort.

2) You have a primary KVS paysite and you want to provide additional access to several bonus sites also built with KVS. In this case you can build a page with listing bonus sites and providing SSO login link for every site.

There are some limitations using SSO that should be well acknowledged:

• Users that are created by SSO will all have Active status. This means that if your KVS site has some content available to paid members only, it should be configured for Active members, not for Premium members.
• Users should not be allowed to register or login using other methods. SSO can't check for username or email duplicates and it basically expects that all your users are unique and managed in other application (e.g. forum or primary KVS site). By providing SSO link to your users you guarantee that each user has unique username and email.

 

Creating SSO page in target KVS site

Please go to Website UI -> Pages -> Add page and create a new page with the following data:

- Title: SSO

- External ID: sso

- Template code:

{{insert name="getBlock" block_id="logon" block_name="SSO login"}}

 

Save and open SSO login block that will appear in this page editor after saving. In block's template code put anything that you want to be displayed in case of unexpected error, e.g.:

The link you are using is not valid, please contact support

 

Under block parameters enable these 2 (change secretkey to something random):

- single_sign_on (String): secretkey

- redirect_to (String): /

Then save and you are done with KVS settings.

 

Displaying SSO login links on source sites

Here is the example code you need to use in your forum on any other 3rd-party site to display login link. Please note that it should only be displayed to users that are already logged in with your forum or site. Also this link should not be cached and it should be displayed in real time. Each link will expire after 1 hour.

$username = 'admin';
$email = 'admin@site.com';
$time = time();
$secret_key = 'secretkey';
$sso_token = [
   'username' => $username,
   'email' => $email,
   'token' => $time,
   'digest' => md5($username . $time . $secret_key)
];
echo "https://domain.com/sso.php?sso=" . base64_encode(json_encode($sso_token));

 

If you are using KVS on the other end as well, you can use the following code in KVS template (make sure to change secretkey and domain.com with your real data):

{{if $smarty.session.user_id>0}}
   {{php}}
   $username = $_SESSION['user_info']['username'];
   $email = $_SESSION['user_info']['email'];
   $time = time();
   $secret_key = 'secretkey';
   $sso_token = [
       'username' => $username,
       'email' => $email,
       'token' => $time,
       'digest' => md5($username . $time . $secret_key)
   ];
   $this->assign('sso_link', "https://domain.com/sso.php?sso=" . base64_encode(json_encode($sso_token)));
   {{/php}}

   <a href="{{$sso_link}}" target="_blank">Click here to login to domain.com</a>
{{/if}}