Versions Compared

Old Version 16

changes.mady.by.user Panagiotis Papanastasiou

Saved on

compared with

New Version Current

changes.mady.by.user Panagiotis Papanastasiou

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Excerpt

Token-based authentication has been introduced for allowing single sign-on between your main web site and your Storefront. Users that have already logged in your Portal will be able to automatically login to your Storefront without entering their credentials.

Setting up the BSS Mechanism

On BSS, navigate to: BSS > Setup > Administration > System Options > Storefront Login Settings (as explained in this Documentation)

Click on "Settings (Custom)".Image Removed

Image Added


On the following page, please provide a name to the Instance Name text  text field.  Image Removed

Image Added

  • Choose one of the two hash Algorithms (MD5 or SHA256), from the drop-down menu, for the encryption.

  • Paste your [Hash Key]

     to the 

     to the Hash Key text field.

  • Then click on the "Save" button.


Click on "Activate" from the top bar and the token-based authentication is ready to be used.Image Removed

Image Added


Updating the Hash Key via API

As the Hash Key value plays a crucial role in the encrypted token, it needs to be refreshed timely to further secure the Token-Based SSO access to the Storefront. To address this, we have introduced an update (for expiration purposes) method through our API. As a Public API V.3 user, you can update the Token-Based SSO Hash Key value with the use of the use the PATCH /api/ExternalAuthentications/providerinstances/{instanceId}/settings endpoint endpoint, based on the instance ID. As a result, to update the Hash Key value. This method allows you to automate the process of refreshing the Hash Key value (e.g. daily) by generating a new value and consequently expiring the tokens of the previous days. Therefore, with this update (via API) method, you achieve enhanced security can enhance the security of your system by automatically refreshing Hash Values while ensuring timely expiration.

Client-Side Parametrization for Token-Based SSO

The following notes are a systems' communication example as well as an implementation guide for the client-side infrastructure so that the single sign-on between your main web site website and your Storefront can function without issues. 

Url URL Parameters:

  • token: Is a required parameter for user authentication.

  • refurl: Is an optional parameter for redirecting users after their login.

The link from your portal to your Storefront should be of the form form https://{SYSTEM_URL}/externalauth/CSTM_TOKEN/{INSTANCE_ID}/?token={Algorithm}({Email/Username}{HashKey}) where the token should be encrypted using either the MD5 algorithm MD5(Email/Username+Hash_Key) or the SHA256 algorithm SHA256(Email/Username+HashKey).

  • Email/Username: It must be the email of the Storefront user you have in BSS.

  • HashKey: A value you will decide.

What you should implement is a mechanism through which you will collect your customers' emails and use it for creating the token and redirecting the customer to your Storefront.


Table of Contents

Table of Contents
excludeTable of Contents