getSingleSignOnToken

This server-only method returns a single sign-on token that can be used in client-side POST requests to automatically log a user into the system. It also creates a logged-in session and provides a nonce and routing id, which can be passed together in a URL.

This is to be used in the case where a web site external to Luminate Online has authenticated the site visitor and wants to direct the user's browser to the Luminate Online system and have them automatically logged in to the Luminate Online system. The external web server, after verifying the identity of the visitor, calls this API method to get a nonce and routing id that will log the user into the Luminate Online system when sent by the visitor's browser in a subsequent HTTP request.

To log in to the Luminate Online system and visit most pages, the nonce and routing id need only be presented one time to connect to the logged-in session. However, if other API methods are used during the visit, the single sign-on token should be included as a POST parameter in all API requests to verify that the API methods are being called from a trusted source.

Note: This call requires a cons_id or member_id or it fails with an "Unable to process request" error.   

Client Servlet: None.
Server Servlet: SRConsAPI
HTTP Methods Supported: POST
Requires Authentication: Yes.

Server API Syntax

https://secure2.convio.net/organization/site/SRConsAPI?method=getSingleSignOnToken&api_key=value&login_name=value&login_password=value&v=value[&center_id=value][&response_format=xml|json][&source=value][&sub_source=value][&suppress_response_codes=value][&cons_id=value][&member_id=value]

Usage Notes

This server-only method returns tokens that can be passed in client-side POST requests to log a user authenticated by a third-party server into the Luminate Online system. It is to be used in the case where a web site external to Luminate Online has authenticated the site visitor and wants to direct the user's browser to the Luminate Online system and have them automatically logged in to the Luminate Online system, or access client APIs in the context of an authenticated user session. The server calling this method should not include any session cookie or session ID in the request. If a session cookie or session ID is included in the request, the existing session will be immediately destroyed.

Note: Use this API only if the third-party server will authenticate the user. To use the Luminate Online server as the master authenticator, use login or authenticateUser instead.

This method must be invoked over a secure channel by a host system that is recognized by the Luminate Online server in its approved IP White List, and must stipulate a valid cons_id or member_id of a constituent in the Luminate Online database.

Note: The nonce returned can be used one time. However, upon use, a session cookie will be pushed to the end user and they can continue working with the logged in session. The single sign on auth token can then be passed via a POST request to other client APIs requiring authentication while the session remains active.

Server API Parameters

Common Server Parameters

See topic Common Parameters.

cons_id

The Luminate Online constituent ID for the user on whose behalf the token is requested. Optional; however, either a unique cons_id or a unique member_id parameter must be supplied in order for the call to succeed.

Type xsd:nonNegativeInteger.

member_id

The client's unique member ID, as recorded in the Luminate Online constituent database, for the user on whose behalf the token is requested. Optional; however, either a unique cons_id or a unique member_id parameter must be supplied in order for the call to succeed.

Type xsd:string.

Response

See topic HTTP Status Codes.

XML response

<?xml version="1.0" encoding="UTF-8"?>
<getSingleSignOnTokenResponse xsi:schemaLocation="http://convio.com/crm/v1.0 http://service.convio.net/xmlschema/crm.public.v1.xsd" xmlns="http://convio.com/crm/v1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <token>5F8p37tMzmB9qfjoXd9i2nkb_INrxXfa8wL7rbpSQkm5gwEgRQV5F6YmJwfKbIIgbHbeqaJcGNLWGdJqrxegrw..</token>
  <cons_id>1000543</cons_id>
  <nonce>42FF6B3EDC682E2FB63415EC76C9885F</nonce>
  <JSESSIONID>AS348AF929FK219CKA9FK3B79870H.host1</JSESSIONID>
  <routing_id>00000000.app02c</routing_id>
</getSingleSignOnTokenResponse>

JSON response

{"getSingleSignOnTokenResponse":{"routing_id":"00000000.app02c","JSESSIONID":"AS348AF929FK219CKA9FK3B79870H.host1","nonce":"42FF6B3EDC682E2FB63415EC76C9885F","token":"5F8p37tMzmB9qfjoXd9i2nkb_INrxXfa8wL7rbpSQkm5gwEgRQV5F6YmJwfKbIIgbHbeqaJcGNLWGdJqrxegrw..","cons_id":"1000543"}}
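
The server-side half of this flow, as an added example (not Luminate Online's own code): it builds the getSingleSignOnToken POST without any session cookie and validates the JSON response before any value is passed on to the browser. The function names and the choice to send parameters in the form-encoded POST body are assumptions.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request

# Endpoint as written in the page's syntax line ("organization" is its placeholder).
ENDPOINT = "https://secure2.convio.net/organization/site/SRConsAPI"
REQUIRED_FIELDS = ("token", "nonce", "routing_id", "JSESSIONID", "cons_id")


def build_sso_request(api_key, login_name, login_password, v, cons_id=None, member_id=None):
    """Build (but do not send) the server-side POST for getSingleSignOnToken."""
    if cons_id is None and member_id is None:
        # Per the page, the call fails with "Unable to process request" otherwise.
        raise ValueError("cons_id or member_id is required")
    params = {
        "method": "getSingleSignOnToken",
        "api_key": api_key,
        "login_name": login_name,
        "login_password": login_password,
        "v": v,
        "response_format": "json",
    }
    if cons_id is not None:
        # cons_id is typed xsd:nonNegativeInteger on the page.
        if isinstance(cons_id, bool) or not isinstance(cons_id, int) or cons_id < 0:
            raise ValueError("cons_id must be a non-negative integer")
        params["cons_id"] = str(cons_id)
    if member_id is not None:
        params["member_id"] = str(member_id)
    # Assumption: parameters travel in the POST body, which keeps the API
    # password out of URLs and access logs. No Cookie header is set, because
    # the page says a session cookie in this request destroys that session.
    body = urlencode(params).encode("ascii")
    return Request(ENDPOINT, data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})


def parse_sso_response(text):
    """Return the response fields, rejecting anything that is not a full token set."""
    try:
        payload = json.loads(text)["getSingleSignOnTokenResponse"]
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("not a getSingleSignOnTokenResponse") from exc
    if not isinstance(payload, dict):
        raise ValueError("not a getSingleSignOnTokenResponse")
    missing = [f for f in REQUIRED_FIELDS if not payload.get(f)]
    if missing:
        raise ValueError("response missing fields: " + ", ".join(missing))
    return {f: payload[f] for f in REQUIRED_FIELDS}
```

The token, nonce and JSESSIONID returned by `parse_sso_response` are session credentials for the constituent, so they should be kept out of application logs.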

        
