Forum Discussion

awitt's avatar
awitt
Guide
10 years ago

LithiumSSOClient Help

I'm following the instructions given at http://community.lithium.com/t5/Community-API/bd-p/developers-rest-api?page=authentication.   All I want to do is get an SSO Auth Token, authenticate, and th...
  • DougS's avatar
    DougS
    10 years ago

    Hi awitt ,

     

    Based on the example you gave, here is some information I hope explains what the values you are asking above mean:

     

    SSO_CLIENT_ID is used to generate a unique cookie name, mainly to prevent clashes when a customer has more than 1 Lithium community.  It should be unique per community and "phase" (stage/prod).  Customers will often use <community id>.<phase> (ex. lithium.stage or lithium.prod) for their client id.

     

    SSO_SERVER_ID is mainly used to generate a unique id that is used to prevent clashes with other LithiumSsoClient instances and to handle some security-related operations like prevently replay attacks.  You can set this to null actually and it will generate a unique one for you.  It's mainly there for backwards-compatibility at this point.

     

    CALLER_PUBLIC_IP is supposed to be the IP address the request to the community will be coming from.  It's used in an additional security checking process to make sure the request is coming from the right IP.

     

    Finally, the ssoId parameter is the unique identifier for the user you are signing in.  Lithium takes at the ssoId passed in the token and looks for a user with that ssoId.  If it finds one, it creates a session for that user.  If it does not find one, but is able to decrypt the SSO token, it creates a new user for that ssoId and creates a session for that user.  If it can't decrypt the SSO token, authentication fails.

     

    I hope that helps.  Please let me know if you have any follow-up questions.

     

    -Doug

DougS's avatar
DougS
Khoros Oracle

Hi awitt ,

 

Based on the example you gave, here is some information I hope explains what the values you are asking above mean:

 

SSO_CLIENT_ID is used to generate a unique cookie name, mainly to prevent clashes when a customer has more than 1 Lithium community.  It should be unique per community and "phase" (stage/prod).  Customers will often use <community id>.<phase> (ex. lithium.stage or lithium.prod) for their client id.

 

SSO_SERVER_ID is mainly used to generate a unique id that is used to prevent clashes with other LithiumSsoClient instances and to handle some security-related operations like prevently replay attacks.  You can set this to null actually and it will generate a unique one for you.  It's mainly there for backwards-compatibility at this point.

 

CALLER_PUBLIC_IP is supposed to be the IP address the request to the community will be coming from.  It's used in an additional security checking process to make sure the request is coming from the right IP.

 

Finally, the ssoId parameter is the unique identifier for the user you are signing in.  Lithium takes at the ssoId passed in the token and looks for a user with that ssoId.  If it finds one, it creates a session for that user.  If it does not find one, but is able to decrypt the SSO token, it creates a new user for that ssoId and creates a session for that user.  If it can't decrypt the SSO token, authentication fails.

 

I hope that helps.  Please let me know if you have any follow-up questions.

 

-Doug

awitt's avatar
awitt
Guide
10 years ago

Thanks, @DougS! Those were exactly the explanations I was looking for. Was that info in the online docs somewhere? I did try searching for it, and hadn't found it, but it seems like perhaps it should have.