How to Set Up Single Sign On (SSO) for External/Third party Applications

To implement single sign on for an external application, you have to first link that application. To know how, click here.

Once you have linked your application, you need to change some code in your third-party application to do the following:

  1. Read the session variable passed by uKnowva to your application from the request.
  2. Call the uKnowva web service to authenticate the passed token. Based on the response from the web service, you can run your code to log the user into your application.

This is what the workflow looks like:

Here is the server side scripting you need to do in your application to read the session token of uKnowva, authenticate the user and log the user in.

Read the session token from request.

uKnowva always calls your application in an iframe, additionally passing the encrypted session token in the URL, something like this:

https://1.2.3.4/?ntk=[[uknowva_session_token]]

Here [[uknowva_session_token]] would be some random string that is specific to the current user's session.

Some simple code to read it is as follows:

$uknowva_session_token = isset($_GET['ntk']) ? $_GET['ntk'] : ''; // in PHP
string uknowva_session_token = Request.QueryString["ntk"]; // in C#.NET
String uknowva_session_token = request.getParameter("ntk"); // in JSP

Now you may call uKnowva web service for authenticating the token and parsing the response.

The web service for authenticating session tokens in uKnowva is:

https://[[uknowva.instance.url]]/index.php?option=com_custom&cmd=checksessiontoken&ntk=[[uknowva_session_token]]

Replace [[uknowva.instance.url]] with your uKnowva instance URL and [[uknowva_session_token]] with the dynamic session token.

The above web service shall output a json object with the following properties:

  • status: This is the status boolean, if this is true, then the session token is valid, else invalid
  • message: if the status boolean is false, then this property shall contain the error message
  • user: if the status is true, then this property would be the JSON encoded user object which contains the user's username, email, name, designation, reporting manager, thumb image and profile image. In addition to this, it will also have all other custom profile fields like Mobile, Date of birth, etc. as configured in your uKnowva instance

Below is a simple example of how to call this web service in PHP:

$uknowva_session_token = isset($_GET['ntk']) ? $_GET['ntk'] : ''; // get the session token passed by uKnowva
if (!empty($uknowva_session_token)) {
    $ch = curl_init();
    // Use HTTPS, as in the web service URL above, and URL-encode the token
    curl_setopt($ch, CURLOPT_URL, 'https://[[uknowva.instance.url]]/index.php?option=com_custom&cmd=checkSessionToken&ntk=' . urlencode($uknowva_session_token));
    curl_setopt($ch, CURLOPT_TIMEOUT, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $data = curl_exec($ch);
    $curl_error = curl_errno($ch); // read the error code before closing the handle
    curl_close($ch);

    if (!$curl_error) {
        $result = json_decode($data);
        if (!empty($result)) {
            if (is_object($result))
                $result = get_object_vars($result);

            // status must be the boolean true; a string such as "false" must not pass
            if (is_array($result) && isset($result['status']) && $result['status'] === true) {
                $result = isset($result['user']) ? $result['user'] : null;
                if (is_object($result))
                    $result = get_object_vars($result);
                if (is_array($result)) {
                    // YOUR LOGIC TO LOG THE USER IN, you will find all user related info in the $result array
                }
            } else {
                // session token is not valid
            }
        } else {
            // the json data received was not proper
        }
    } else {
        // Some network error occurred, the uknowva web service could not be called
    }
}
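
The response handling described above can be isolated into a strict parser that rejects anything other than a well-formed success response. This is an added example, not uKnowva's own code; the function name uknowva_parse_response, the "username" key name and the sample responses are assumptions constructed for illustration.

```php
<?php
// Added example: fail-closed parsing of the checkSessionToken response.
// Function name, "username" key and sample responses are assumptions.

/**
 * Returns the user array only for a well-formed success response, else null.
 * $error receives a short reason that can be written to the application log.
 */
function uknowva_parse_response($json, &$error = null)
{
    $error = null;
    $result = json_decode((string) $json, true); // true => associative arrays
    if (!is_array($result)) {
        $error = 'response is not a JSON object';
        return null;
    }
    // status must be the boolean true; "true", 1 or "false" must not pass
    if (!array_key_exists('status', $result) || $result['status'] !== true) {
        $error = isset($result['message']) && is_string($result['message'])
            ? $result['message'] : 'status is not boolean true';
        return null;
    }
    $user = isset($result['user']) ? $result['user'] : null;
    // "user" is described as JSON encoded, so accept an object or a JSON string
    if (is_string($user)) {
        $user = json_decode($user, true);
    }
    if (!is_array($user) || empty($user['username']) || !is_string($user['username'])) {
        $error = 'user object missing or has no username';
        return null;
    }
    return $user;
}

// Constructed sample responses covering the success and failure cases
$samples = array(
    'valid'         => '{"status":true,"user":{"username":"jdoe","email":"jdoe@example.com"}}',
    'invalid token' => '{"status":false,"message":"Invalid session token"}',
    'string status' => '{"status":"false","user":{"username":"jdoe"}}',
    'no user'       => '{"status":true}',
    'not json'      => '<html>502 Bad Gateway</html>',
);
foreach ($samples as $label => $json) {
    $user = uknowva_parse_response($json, $err);
    echo str_pad($label, 15), $user ? 'login as ' . $user['username'] : 'rejected: ' . $err, "\n";
}
```

Only the first sample yields a login; every other case returns null, so the calling code never creates a local session from a malformed or negative response.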

That's it. In case you face any difficulties, please contact us.
