I need to find a way to automatically log a user into our internal web site when logged into the self service portal.
Below are the instructions on how to do this, but the code on my internal pages is very complex so I'm not sure what fields to pull and how to pass them.
My Internal site code is below the external instructions.
---------------------------- INSTRUCTIONS----------------------------
Solution Title:
Can I use a single sign on from the self service portal to an internal site?
Solution Description:
You can automatically log a user who is logged into the self service portal into an internal site by following the instructions below.
A use case example is:
1. User logs into Self Service.
2. User clicks link to customer application.
3. Customer wants some way of verifying that the user is who they say they are, preferably by being able to verify the session that they are currently logged in with self service.
Customers can call the getServerTimestamp API call with a valid CSS session id, so if that call returns, you know the sessionId is valid.
Customers can add a link like this on their homepage:
<A
href="umentid=123456">
Then the sessionId can be used to verify the user is logged in (by making a successful call to getServerTimestamp), and the userId can be used to match them up on the company system. Note that any of the self service merge fields can be used: Username, email, custom fields, etc.
This requires an organization that has API access, and knowledge of a language such as Java, C#, VB.NET, Perl, or another language that supports web services. Information on how to call getServerTimestamp is in the API documentation.
----------------------------END INSTRUCTIONS----------------------------
----------------------------MY INTERNAL WEBSITE LOGIN CODE-----start.asp----------------------------
<%@ Language=VBScript %>
<% OPTION EXPLICIT %>
<% Response.Buffer = True %>
<!----------------------------------------------------
'--- © 2002, EVAD Solutions, All Rights Reserved
'----------------------------------------------------->
<!--#include Virtual="/_includes/incBMSHeader.asp"-->
<%
Dim strSQL, objConn, objRS
Dim strProjectID, strGroupList, strSectionContent
Dim SECTION_ID
SECTION_ID = 2
'----------------------------------------------------------------
'--- GET THE PROJECT ID
'----------------------------------------------------------------
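if Request.ServerVariables("REQUEST_METHOD") = "POST" then
strProjectID = Request.Form("project_id")
else
strProjectID = Request.QueryString("project_id")
end if
'--- project_id is concatenated into the SQL below: accept digits only
Dim reDigits
Set reDigits = New RegExp
reDigits.Pattern = "^[0-9]{1,9}$"
if not reDigits.Test(strProjectID & "") then
Response.Clear
Response.Write "ACCESS DENIED"
Response.End
end if
strProjectID = CLng(strProjectID)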
'----------------------------------------------------------------
'--- INIT THE DATABASE OBJECTS
'----------------------------------------------------------------
funcConnectToDB "Main", objConn
set objRS = Server.CreateObject("ADODB.RecordSet")
'----------------------------------------------------------------
'--- CHECK TO MAKE SURE THAT THIS PERSON HAS ACCESS TO THIS PROJECT
'----------------------------------------------------------------
strSQL = "SELECT employee_id FROM EMPLOYEE_PROJECT WHERE project_id = " &strProjectID &" AND employee_id = " &objSession.employee_id
objRS.Open strSQL, objConn, adOpenForwardOnly, adLockReadOnly
if objRS.EOF then
objRS.Close
objConn.Close
set objRS = nothing
set objConn = nothing
Response.Clear
Response.Write "ACCESS DENIED"
Response.End
end if
objRS.Close
'----------------------------------------------------------------
'--- BUILD THE LIST OF GROUPS THAT I'M ALLOWED TO ACCESS
'----------------------------------------------------------------
strSQL = "SELECT eg.group_id " & _
"FROM EMPLOYEE_GROUP eg " & _
"JOIN GROUP_TBL g ON eg.group_id = g.group_id " & _
"JOIN EMPLOYEE_PROJECT ep ON g.project_id = ep.project_id " & _
"WHERE eg.employee_id = " &objSession.employee_id &" AND ep.project_id = " &strProjectID &" AND ep.employee_id = " &objSession.employee_id & " " & _
"AND eg.read_flag = 1 "
objRS.Open strSQL, objConn, adOpenForwardOnly, adLockReadOnly
strGroupList = ","
Do While Not objRS.EOF
strGroupList = strGroupList &Trim(objRS("group_id")) &","
objRS.MoveNext
Loop
objRS.Close
'----------------------------------------------------------------
'--- GET THE SECTION CONTENT
'----------------------------------------------------------------
strSQL = "SELECT section_content FROM WEBSITE_SECTION WHERE section_id = " &SECTION_ID
objRS.Open strSQL, objConn, adOpenForwardOnly, adLockReadOnly
if not objRS.EOF then
strSectionContent = Trim(objRS("section_content"))
end if
objRS.Close
%>
<!--#include file="header.asp" -->
<!----PLACE BODY TEXT BELOW THIS LINE ---->
<table border="0" cellpadding="1" cellspacing="1" bgcolor="#333333">
<tr>
<td align="CENTER" valign="TOP" width="119">
<br>current user:<br><b><%=objSession.first_name &" " &objSession.last_name%></b>
</td>
<td width="10"></td>
<td align="LEFT" valign="TOP">
Welcome, <b><%=objSession.first_name &" " &objSession.last_name%></b>.<br>
<%=strSectionContent%><br><br>
<table border="0">
<form method="POST" name="SEARCHFORM" action="searchResults.asp">
<input type="hidden" name="Project_id" value="<%=strProjectID%>">
<tr bgcolor="#c6c6c6">
<td class="SMALL" colspan="2"><b> Search:
<input name="search_string" size="35" class="SMALL">
<input class="SMALLER" type="SUBMIT" name="ACTION" value=" SEARCH "></td>
</tr>
<tr><td height="10"></td></tr>
</form>
<%
strSQL = "SELECT group_id, group_name, group_description " & _
"FROM GROUP_TBL " & _
"WHERE project_id = " &strProjectID & " " & _
"ORDER BY group_name "
objRS.Open strSQL, objConn, adOpenForwardOnly, adLockReadOnly
Do While Not objRS.EOF
%>
<tr>
<td colspan="2">
<% if InStr(1,strGroupList,","&Trim(objRS("group_id")) &",") > 0 then %>
<a href="DocumentList.asp?group_id=<%=objRS("group_id")%>">
<% else %>
<a href="JavaScript:alert('You do not have permission to view this group!');">
<% end if %>
<li><%=Trim(objRS("group_name"))%></a>
</td>
</tr>
<tr><td width="5"></td><td class="SMALLER"><i><%=Trim(objRS("group_description"))%></td></tr>
<tr><td height="5"></td></tr>
<%
objRS.MoveNext
Loop
objRS.Close
objConn.Close
set objRS = nothing
set objConn = nothing
%>
<tr>
<td colspan="2"></td>
</tr>
<tr><td height="20"></td></tr>
</table>
</td>
</tr>
</table>
<!----DO NOT PLACE BODY TEXT BELOW THIS LINE ---->
<!-- #include file="footer.asp" -->
----------------------------END START.ASP LOGIN PAGE CODE----------------------------
----------------------------LOGIN PAGE PASSES YOU TO DEFAULT.ASP----------------------------
<%@ Language=VBScript %>
<% OPTION EXPLICIT %>
<!----------------------------------------------------
'--- © 2002, EVAD Solutions, All Rights Reserved
'----------------------------------------------------->
<!--#include Virtual="/_includes/incBMSHeader2.asp"-->
<%
Dim strCompanyName, strUsername, blnSaveIDs, strErrmsg
Dim strSectionContent, SECTION_ID, objConn, objRS, strSQL
Dim projectId
projectId = Request("project_id")
SECTION_ID = 1
strCompanyName = Trim(Request.Cookies("COOKIE_LOGIN")("company_name") )
strUsername = Trim(Request.Cookies("COOKIE_LOGIN")("username") )
if len(strCompanyName) > 2 or len(strUsername) > 2 then
blnSaveIDs = "yes"
else
blnSaveIDs = "no"
end if
'-------------------------------------------------------------
'--- PARSE THE REQUEST OBJECT
'-------------------------------------------------------------
if Request.ServerVariables("REQUEST_METHOD") = "POST" then
strErrmsg = Request.Form("errmsg")
else
strErrmsg = Request.QueryString("errmsg")
end if
'----------------------------------------------------------------
'--- INIT THE DATABASE OBJECTS
'----------------------------------------------------------------
funcConnectToDB "Main", objConn
set objRS = Server.CreateObject("ADODB.RecordSet")
'----------------------------------------------------------------
'--- GET THE SECTION CONTENT
'----------------------------------------------------------------
strSQL = "SELECT section_content FROM WEBSITE_SECTION WHERE section_id = " &SECTION_ID
objRS.Open strSQL, objConn, adOpenForwardOnly, adLockReadOnly
if not objRS.EOF then
strSectionContent = Trim(objRS("section_content"))
end if
objRS.Close
objConn.Close
set objRS = nothing
set objConn = nothing
%>
<!--#include file="header.asp"-->
<!----PLACE BODY TEXT BELOW THIS LINE ---->
<form method="POST" name="LOGINFORM" action="/Login2.asp">
<input type="HIDDEN" name="project_id" value="<%=Server.HTMLEncode(projectId & "")%>">
<input type="hidden" name="MainPage" value="/publicprojects/displaytest/start.asp?project_id=<%=Server.URLEncode(projectID & "")%>">
<input type="hidden" name="RedirectPage" value="/publicprojects/displaytest/default.asp?project_id=<%=Server.URLEncode(projectID & "")%>">
<table border="0" cellpadding="1" cellspacing="1" width="525" bgcolor="#333333">
<tr>
<td align="LEFT" valign="TOP">
<table>
<tr><td class="SMALL"><b>Username</b><br><input class="SMALL" name="username" value="<%=Server.HTMLEncode(strUsername)%>" size="10"></td></tr>
<tr><td class="SMALL"><b>Password</b><br><input class="SMALL" name="password" value type="PASSWORD" size="10"></td></tr>
<tr><td class="SMALL"><input class="SMALL" name="save_ids" type="CHECKBOX" value="yes" <% if blnSaveIDs = "yes" then %> checked <% end if %>> Save username</td></tr>
<tr><td class="SMALL"><input class="SMALL" type="SUBMIT" name="ACTION" value=" LOGIN "></td></tr>
</table>
</td>
<td width="10"></td>
<td align="LEFT" valign="TOP"><% if strErrmsg <> "" then%><span class="ERROR_MESSAGE">ERROR!<br><%=Server.HTMLEncode(strErrmsg)%></span><br><%end if%>
<% 'response.Write strSectionContent%>
</td>
</tr>
</table>
</form>
<!----DO NOT PLACE BODY TEXT BELOW THIS LINE ---->
<!--#include file="footer.asp"-->
----------------------------END DEFAULT.ASP CODE----------------------------
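The verification flow the instructions describe, as an added example in Python (not code from the original post or from the vendor): check the sessionId with getServerTimestamp, fail closed on any error, then match the userId to an internal account and repeat the EMPLOYEE_PROJECT check with bound parameters. The post gives neither the API endpoint nor its message format, so the getServerTimestamp call is passed in as a function; the EMPLOYEE table, its portal_user_id column and the ID pattern are assumptions, and the sample rows and stub are constructed.

```python
import re
import sqlite3

# Assumed character set and length for both IDs; tighten to the portal's real format.
ID_RE = re.compile(r"[A-Za-z0-9!._-]{8,256}")

class HandoffRejected(Exception):
    """The portal hand-off could not be trusted."""

def verify_handoff(params, get_server_timestamp, db):
    """Return the internal employee_id for a portal hand-off, or raise.

    get_server_timestamp(session_id) wraps the vendor API call and must raise
    when the portal does not accept the session.
    """
    session_id = params.get("sessionId") or ""
    user_id = params.get("userId") or ""
    if not (ID_RE.fullmatch(session_id) and ID_RE.fullmatch(user_id)):
        raise HandoffRejected("malformed sessionId or userId")
    try:
        get_server_timestamp(session_id)  # returns only for a live session
    except Exception as exc:  # fault, timeout, TLS error: fail closed
        raise HandoffRejected("session not accepted by the portal API") from exc
    # Bound parameter; portal_user_id is a hypothetical mapping column.
    row = db.execute(
        "SELECT employee_id FROM EMPLOYEE WHERE portal_user_id = ?", (user_id,)
    ).fetchone()
    if row is None:
        raise HandoffRejected("no internal account for this portal user")
    return row[0]

def has_project_access(db, employee_id, project_id):
    """The EMPLOYEE_PROJECT check from start.asp, with bound parameters."""
    row = db.execute(
        "SELECT 1 FROM EMPLOYEE_PROJECT WHERE project_id = ? AND employee_id = ?",
        (int(project_id), employee_id),
    ).fetchone()
    return row is not None

def demo():
    """Constructed database rows and a stubbed API call for trying the flow."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE EMPLOYEE (employee_id INTEGER, portal_user_id TEXT);
        CREATE TABLE EMPLOYEE_PROJECT (employee_id INTEGER, project_id INTEGER);
        INSERT INTO EMPLOYEE VALUES (7, 'portalUser0001');
        INSERT INTO EMPLOYEE_PROJECT VALUES (7, 42);
    """)
    def stub_api(session_id):  # stand-in for the real web-service call
        if session_id != "constructedSession01":
            raise RuntimeError("session rejected")
        return "2024-01-01T00:00:00Z"  # constructed timestamp
    return db, stub_api

if __name__ == "__main__":
    db, api = demo()
    link = {"sessionId": "constructedSession01", "userId": "portalUser0001"}
    emp = verify_handoff(link, api, db)
    print(emp, has_project_access(db, emp, "42"), has_project_access(db, emp, "43"))
```

A getServerTimestamp call that returns shows only that the session is live; nothing in the flow as described ties the userId in the link to that session. Treat the userId as a claim to confirm, for example by asking the API which user owns the session if it offers such a call.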