Part 1 of this documentation told you how to set up jsConnect SSO for site-wide SSO. However, if you have Vanilla embedded in a page you’ll notice that the SSO doesn’t automatically sign you in even if users are signed in to the containing page. In order to make the sign in seamless you need to add some sso information to your embed code.
The Vanilla Embed Code
Consider the embed code for Vanilla comments:
If you declare vanilla_sso and give it the proper value then Vanilla will be able to sign in your user. Here is what you need to do to generate your sso string.
- Start with the signed in user. This has the same fields as the user from the site-wide sso.
- Add your client_id to the user so Vanilla will know how to identify you.
- json encode the user.
- base 64 encode the user. This is your signature string.
- Sign the signature string with your signature and the current timestamp using hmac sha1. Make sure sure the signature string is hex encoded.
signature = hmacsha1(signature_string + " " + timestamp, secret);
- Build your final sso string:
vanilla_sso = signature_string + " " + signature + " " + timestamp + " hmacsha1"
That’s it! The value of vanilla_sso from above is what you put in your embed code. Since this needs to be dynamically generated by your site you can’t use SSO on a static page.
- Even though your signature string is base64 encoded make sure the actual signature is hex encoded. The correct string will be 40 characters consisting of the numbers 0-9 and a-f.
- The timestamp is a unix timestamp. That means it will be an integer and represents the number of seconds since 1 January 1970. Most languages have a way of getting this timestamp.