The jsConnect addon has a special way of supporting SSO for embedded sites. For it to work, you'll need to pass a specially formatted SSO string to your embed.
- This article focuses on how to seamlessly log in users to Vanilla communities embedded in iFrames.
- For all other SSO using jsConnect, see this article.
What you'll need
- A jsConnect connection on your community. Make a note of your secret because you'll need this to format your SSO string.
- The ability to generate your SSO string on your server. This is done on the page where you embed Vanilla.
- Your server will also have to know the current user. You'll need information such as the user's ID, username, and email.
- A community or comment embed code, which you can get in the Dashboard, on the Settings > Technical > Embedding page.
Generate your SSO string
You must generate your SSO string on the server, even though the string is consumed client-side, because it is signed with your jsConnect secret and that secret must never be sent to the browser. Here's an example in PHP:
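// Your jsConnect secret. Keep it server-side only.
$secret = 'Your jsConnect Secret';
// Details of the user currently signed in to your site.
$user = [
    'client_id' => 'Your jsConnect Client ID',
    'uniqueid' => '', // The user's unique ID on your site.
    'name' => 'Name',
    'email' => 'Email',
    'photourl' => 'Photo',
    'roles' => 'Roles',
];
// Encode the user, then sign "<payload> <timestamp>" with HMAC-SHA1.
$string = base64_encode(json_encode($user));
$timestamp = time();
$hash = hash_hmac('sha1', "$string $timestamp", $secret);
// Final format: payload, signature, timestamp, and hash method, separated by spaces.
$sso_string = "{$string} {$hash} {$timestamp} hmacsha1";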
Add this string to your output page inside a script tag like this:
<script>vanilla_sso = "<?php echo $sso_string; ?>";</script>
Below this script tag, insert your embed code, which will read the vanilla_sso variable and use it to sign your user in.
Troubleshooting
For jsConnect version 3 only.
In your Vanilla Dashboard, in the jsConnect addon, click Test. On the Test page, you will find a sample jsConnect sso_string for the user that you're logged in as. You can compare it to the one you have generated, or you can temporarily paste it into the page that you're using to embed the community. Do this only temporarily, because anyone who visits that page will be logged in as you. Please exercise caution.
Potential issues
Here are some issues you may run into when trying to get embedded SSO working:
- Do NOT output an SSO string if there isn't a user signed in on your site.
- When using embedded SSO, users will not receive a welcome email. This is to provide as seamless an experience as possible. We assume your site has already welcomed the user and they shouldn't think they are signing up to another site.
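The following is an added example, not code from Vanilla or the jsConnect addon. It wraps the generation steps above in a helper that returns nothing when no user is signed in, and adds a checker that splits an SSO string into its parts and recomputes the signature, which helps when comparing your output with the sample from the Test page. The function names, the sample user, and the sample secret are assumptions made for illustration.

```php
<?php
// Hypothetical helpers for illustration; not part of jsConnect.

/** Build the embed SSO string, or return null when nobody is signed in. */
function build_sso_string(?array $user, string $clientId, string $secret, ?int $now = null): ?string
{
    if ($user === null || !isset($user['uniqueid']) || $user['uniqueid'] === '') {
        return null; // No signed-in user: the page must not define vanilla_sso.
    }
    $payload = base64_encode(json_encode(['client_id' => $clientId] + $user));
    $timestamp = $now ?? time();
    $hash = hash_hmac('sha1', "$payload $timestamp", $secret);
    return "$payload $hash $timestamp hmacsha1";
}

/** Split an SSO string into its parts and check the signature against the secret. */
function check_sso_string(string $sso, string $secret): array
{
    $parts = explode(' ', trim($sso));
    if (count($parts) !== 4 || $parts[3] !== 'hmacsha1') {
        return ['ok' => false, 'error' => 'expected "payload hash timestamp hmacsha1"'];
    }
    [$payload, $hash, $timestamp] = $parts;
    $expected = hash_hmac('sha1', "$payload $timestamp", $secret);
    $user = json_decode(base64_decode($payload, true) ?: '', true);
    return [
        // hash_equals() compares in constant time.
        'ok' => hash_equals($expected, $hash) && is_array($user),
        'age_seconds' => time() - (int) $timestamp,
        'user' => $user,
    ];
}

// Constructed sample values, not real credentials.
$secret = 'example-secret';
$current = ['uniqueid' => '42', 'name' => 'Alice', 'email' => 'alice@example.com'];

$sso = build_sso_string($current, 'example-client-id', $secret);
var_dump(check_sso_string($sso, $secret)['ok']);        // signed with the right secret
var_dump(check_sso_string($sso, 'wrong-secret')['ok']); // secret mismatch is detected
var_dump(build_sso_string(null, 'example-client-id', $secret)); // signed-out visitor
```

In the page template, emit the `vanilla_sso` script tag only when `build_sso_string()` returns a string.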