The jsConnect addon has a unique way of supporting SSO for embedded sites. For it to work, you'll need to pass a specially formatted SSO string to your embed.
- This article focuses on how to seamlessly log in users to Vanilla communities embedded in iFrames.
- For all other SSO using jsConnect, see this article.
What you'll need
- A jsConnect connection for your community. Make a note of your secret because you'll need this to format your SSO string.
- The ability to generate your SSO string on your server. This is done on the page where you embed Vanilla.
- Your server will need to know the current user. You'll need information like the user's ID, username, and email.
- A community or comment embed code. You can get this in the Dashboard, on the Settings > Technical > Embedding page.
Generate your SSO string
You must generate your SSO string on the server, even though the string is read client-side, because signing it requires your jsConnect secret. Here's an example in PHP:
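// The secret from your jsConnect connection. Keep it on the server only.
$secret = 'Your jsConnect Secret';

// Details of the user currently signed in on your site.
$user = [
    'client_id' => 'Your jsConnect Client ID',
    'uniqueid' => '', // the user's ID on your site
    'name' => 'Name',
    'email' => 'Email',
    'photourl' => 'Photo',
    'roles' => 'Roles',
];

// Base64-encode the JSON payload, then sign "payload timestamp" with HMAC-SHA1.
$string = base64_encode(json_encode($user));
$timestamp = time();
$hash = hash_hmac('sha1', "$string $timestamp", $secret);

// Final format: payload, signature, timestamp, and method, separated by spaces.
$sso_string = "{$string} {$hash} {$timestamp} hmacsha1";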
Add this string to your output page inside a script tag, like this:
<script>vanilla_sso = "<?php echo $sso_string; ?>";</script>
Below this script tag, insert your embed code, which will read the vanilla_sso variable and use it to sign in your user.
Troubleshooting
For jsConnect version 3 only.
In your Vanilla Dashboard, access the jsConnect addon and click Test. On the Test page, you will find a sample jsConnect sso_string for the user that you're logged in as. You can compare it to the one you have generated, or you can temporarily paste it manually into the page that you're using to embed the community. Do this only temporarily, because anyone who visits that page will be logged in as you. Please exercise caution.
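When your generated string does not match the Test page sample, it helps to take the string apart and see which piece is wrong. The following PHP helper is an added example, not part of jsConnect or Vanilla's own code; the function name, the required-field list, the `$maxAge` window, and the sample values are assumptions of this example.

```php
<?php
// Added troubleshooting helper (hypothetical name): splits an SSO string into its
// four space-separated parts, checks each, and returns the decoded user array.
function inspect_sso_string(string $ssoString, string $secret, int $maxAge = 1200): array
{
    $parts = explode(' ', trim($ssoString));
    if (count($parts) !== 4) {
        throw new InvalidArgumentException('expected 4 space-separated parts');
    }
    [$payload, $hash, $timestamp, $method] = $parts;
    if ($method !== 'hmacsha1') {
        throw new InvalidArgumentException("unexpected method: $method");
    }
    if (!ctype_digit($timestamp)) {
        throw new InvalidArgumentException('timestamp is not an integer');
    }
    // Recompute the signature over "payload timestamp", as the generation code does.
    $expected = hash_hmac('sha1', "$payload $timestamp", $secret);
    if (!hash_equals($expected, strtolower($hash))) { // constant-time comparison
        throw new InvalidArgumentException('signature mismatch: wrong secret or altered string');
    }
    // $maxAge is this example's own choice, not a documented Vanilla value.
    if (abs(time() - (int) $timestamp) > $maxAge) {
        throw new InvalidArgumentException('timestamp outside the allowed window');
    }
    $json = base64_decode($payload, true);
    $user = $json === false ? null : json_decode($json, true);
    if (!is_array($user)) {
        throw new InvalidArgumentException('payload is not base64-encoded JSON');
    }
    // Fields this example treats as required (an assumption based on the list above).
    foreach (['client_id', 'uniqueid', 'name', 'email'] as $field) {
        if (!isset($user[$field]) || $user[$field] === '') {
            throw new InvalidArgumentException("missing or empty field: $field");
        }
    }
    return $user;
}

// Constructed sample values, not real credentials.
$secret = 'example-secret';
$payload = base64_encode(json_encode([
    'client_id' => 'example-client', 'uniqueid' => '42',
    'name' => 'Alice', 'email' => 'alice@example.com',
]));
$ts = time();
$sso = "$payload " . hash_hmac('sha1', "$payload $ts", $secret) . " $ts hmacsha1";
print_r(inspect_sso_string($sso, $secret));
```

Run it on the server only, since it needs the jsConnect secret, and pass it the exact string your page would emit into `vanilla_sso`.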
Potential issues
Here are some issues you may run into when trying to get embedded SSO working:
- Do NOT output an SSO string if there isn't a user signed in on your site.
- When using embedded SSO, users will not receive a welcome email. This is to provide as seamless an experience as possible. We assume your site has already welcomed the user, and they shouldn't think they are registering for another site.