1
SSO between ST and PHP Site?
Question asked by Pantheon - 10/15/2019 at 12:42 PM
Unanswered
I asked a developer if there was a workaround to the ASP.NET restriction mentioned in the SSO setup: https://portal.smartertools.com/kb/a2517/configure-single-sign-on-between-smartertrack-and-another-site.aspx  - and they said, "If Smarter Tools published their protocol, you could just write an implementation in PHP."

Can you tell me what protocol you use for your SSO implementation using the login external provider?

12 Replies

Reply to Thread
1
Kyle Kerst Replied
Employee Post
I believe your best bet on this would be to leverage our API which I believe you could call/query from your PHP application. 
Kyle Kerst IT Coordinator SmarterTools Inc. www.smartertools.com
1
Pantheon Replied
I'm trying to clone users from a Wordpress site into SmarterTrack with SSO, so that a user created in Wordpress will be created in ST when a customer visits the portal. Your SSO solution says you can do this: http://help.smartertools.com/SmarterTrack/current/Default.aspx?qq=%2fSmarterTrack%2fcurrent%2fTopics%2fConcepts%2fSingleSignon.aspx 

All registration would be done through the WP site.
1
Kyle Kerst Replied
Employee Post
This could likely be done by your developer, and would probably take the form of a PHP based plugin that makes the necessary API calls to SmarterTrack when a new user is created in Wordpress. 
Kyle Kerst IT Coordinator SmarterTools Inc. www.smartertools.com
1
Pantheon Replied
Create a user in ST using this function? http://portal.smartertools.com/services2/#svcOrganization_CreateUser And what about the SSO functionality in terms of being automatically logged into ST when you visit the portal if you're already signed into WP?
0
Kyle Kerst Replied
Employee Post
This I'm not sure on, I can try asking our developers to see if there is a particular call in the API they'd recommend. 
Kyle Kerst IT Coordinator SmarterTools Inc. www.smartertools.com
0
Pantheon Replied
ST seems to have the ability to use an external identity provider to authenticate users, such as mentioned on this page under authentication method: http://help.smartertools.com/SmarterTrack/current/Default.aspx?qq=%2fSmarterTrack%2fcurrent%2fTopics%2fInstallation%2fExternalProviders.aspx but which protocol does this use? Like, OpenID or OAuth2 or SAML.
0
Pantheon Replied
What kind of authentication cookie needs to be created in order for the GetSignInCookieInfo Method on this page: http://help.smartertools.com/SmarterTrack/current/Default.aspx?qq=%2fSmarterTrack%2fcurrent%2fTopics%2fInstallation%2fExternalProviders.aspx to work?

I can probably just redirect users on the WP registration page to a page where a cookie is set. Then when they go to the portal, they will be logged in via SSO using the GetSignInCookieInfo Method.
0
Pantheon Replied
Can someone confirm that it's possible to create and also update user information using the API? And not just for organizations. It seems user creation is only listed for organizations in the API literature for some reason.
0
Sébastien Riccio Replied

EDIT: Sorry all the information I wrote here is useless. It was for SmarterMail. My apologizes...


You can do, with the API, almost if not all what can be done through the web admin interface, because the admin interface and more globally the whole web interface uses the api.

To add a user with the API you need to be in a domain admin context and then call the AddUser function:

To swtich to the domain admin context you have to call:

Then you can add users to this domain using:

We have our homemade control panel that communicates with SM for the mail hosting part.
However the new API documentation lacks real world examples and we had to spy calls made by the web interface to the backend to understand some of the functions.
(you can do this with an http/https debugger like Fiddler)

The legacy soap api was simpler in my opinion but you shouldn't use it for new developments as it's getting deprecated.
 
SR
Sébastien Riccio System & Network Admin https://swisscenter.com
0
Pantheon Replied
Is there really no way to find out if you can create and edit user accounts via the API? 
0
Employee Replied
Employee Post
Hello Pantheon,

The API documentation for Organizations contains Users within it's umbrella alphabetically. When you have a chance review the SetUsersProperties and CreateUser sections within the API documentation.  

Best wishes!

0
Pantheon Replied
So SetUsersProperties  can be used to update a user's info, like phone number, email etc.? Why are these functions under organization, though? Can they be used to create and update users that aren't part of an organization?

Reply to Thread