Single Sign-On for external sites using your NetCommunity log-in system

NetCommunity provides a service similar to Google, LinkedIn and Facebook so you can allow your users to sign into another site using their NetCommunity login details. They must have a valid NetCommunity login to do this.

The user flow

The flow for this is:

  • Go to your external site and click the ‘Login using NetCommunity’ link. In the same way as you would, on many sites, click the link to log in using your Google Account.
  • The external site redirects the user to your NetCommunity site (using the GetUserID.ashx service)
  • User logs in to NetCommunity if they are not already logged in or registers if they have not already got an account
  • The browser is redirected back to the other site with some additional details to verify it is a valid callback and also the users userid from NetCommunity
  • The external site then creates their account and stores the userid on it for future reference

More detail

Your SSO link in NetCommunity will always be:

  • http://[your site address]/components/GetUserID.ashx?redirect=[your return address]
  • i.e. http://www.uni.ac.uk/components/GetUserID.ashx?redirect=http://www.aluminati.net&requireLogin=1

You set a password in the Site Administration area of BBNC. This is used to generate the sig entry that is passed back to the external site once the user has logged in using NetCommunity. A ts entry is also passed back and is a timestamp so you can ensure the response was recent i.e. within the last 5 minutes. The return to your site will be something like:

  • [your return address]?userid=11610&ts=2014-07-04T04%3a49%3a00.3161963-04%3a00&sig=8f4c1674722c2017d9a79fcbd8af674e

You check for accounts in your external system that already have this userid, if it exists then you log the user in with that account. Otherwise you create a new account and attach this userid, then take the person through any local registration process  i.e. ask for name, email etc…

Note

  • SmartTHING can provide an add-on that fetches profile details after the authentication from the users RE record to smooth the registration process on your external site
  • A Drupal module using the SSO is available here – it details how to check the sig parameter for a valid return: http://cgit.drupalcode.org/blackbaud_netcommunity_sso/tree/blackbaud_netcommunity_sso.module?id=9b9114702dd79d89624a4ef58e609786befc2d2c