Token-Based SSO for BSS

Token-based authentication has been introduced for allowing single sign-on between your main web site and the BSS. Users that have already logged in your Portal will be able to automatically login to the BSS without entering their credentials.

Setting up the BSS Mechanism


On BSS, navigate to: BSS > Setup > Administration > System Options > BSS Login Settings (as explained in this Documentation)

Click on "Settings (Custom)".


On the following page, please provide a name to the Instance Name text field.  

  • Choose one of the two hash Algorithms (MD5 or SHA256), from the drop-down menu, for the encryption.
  • Paste your [Hash Key] to the Hash Key text field.
  • Then click on the "Save" button.


Click on "Activate" from the top bar and the token-based authentication is ready to be used.



Client-Side Parametrization for Token-Based SSO


The following notes are a systems' communication example as well as an implementation guide for the client-side infrastructure so that the single sign-on between your main web site and the BSS can function without issues. 

Url Parameters:

  • token: Is a required parameter for user authentication.
  • refurl: Is an optional parameter for redirecting users after their login.


The link from your portal to the BSS should be of the form https://{SYSTEM_URL}/externalauth/CSTM_TOKEN/{INSTANCE_ID}/?token={Algorithm}({Email/Username}{HashKey}) where the token should be encrypted using either the MD5 algorithm MD5(Email/Username+Hash_Key) or the SHA256 algorithm SHA256(Email/Username+HashKey).

  • Email/Username: It must be the email of the BSS user you have provided in your BSS.
  • HashKey: A value you will decide.

What you should implement is a mechanism through which you will collect your customers' emails and use it for creating the token and redirecting the customer to the BSS.


Table of Contents