Single Sign On | Web Service
Doc version 3.6.6 - Applies to Popsell 3.n platform only.
SSO INTEGRATION TUTORIAL
This tutorial explains how to setup a Single Sign On process, between a brand Platform and the Popsell platform.
The purpose is to enable to rely on the credentials used by a user on a brand platform (eCommerce platform, Extranet …) to authenticate on the Popsell Platform.
This tutorial also explained how to use it as a web service to update the user’s data.
SSO Features and process
The SSO process enables:
Automatic provisioning of an account if it does not already exist on the Popsell database,
Automatic login if the account already exists.
The SSO authentication can be set as mandatory:
If set as “exclusive”, the Popsell login and register page will never be available. Users must proceed via the brand platform. Unsubscription is not available, nor the lost password link.
If set as “non-exclusive", the login page and register page remain available. Users can choose to connect through the SSO process, or to create an account and log in directly on the Popsell platform.
If SSO has been used to register, the user will not be able to log in via Popsell, unless he uses the “lost password” feature.
SSO Configuration
The SSO has to be enabled in the Popsell Manager:
Activation of SSO
Configuration of the SSO options and parameters
Once enabled, the SSO works by sending parameters and an encrypted hash on a url.
URL is: https://brand.popsell.com/sso or https://brand-specific-domain.com/sso
Use the GET method to call the service.
URL parameters
The following data are passed through the URL:
Customer ID (Brand identifier) (always required)
Manager’s customer ID (Brand identifier (optional)
Gender (M,F or 0,1) (required for provisioning)
First name (required for provisioning)
Last name (required for provisioning)
Email (required for provisioning)
Date of birth (format YYYY-MM-DD) (optional)
Address Line 1 (optional)
Address Line 2 (optional)
Zip code (optional)
City (optional)
Country code (FR, BE, US, …) (optional)
Language code (fr_FR, en_US, …) (optional)
Level in the organization (text, optional)
Areas of interest (json list, optional)
Unsubscribe (optional, if specified, any value!=0 will unsubscribe the user. If specified and value = 0, the user will be reactivated)
Random key (required)
Hash key (required)
Name of parameters can be freely chosen, but need to be entered in the Popsell Manager, in the brand configuration page.
The user photo cannot be sent through the provisioning process. The user will be encouraged to upload a photo later on the Popsell platform.
The parameters are needed to provision the account. If the account already exists, it is optional to pass all the parameters (except Customer ID), unless some of the values need to be updated.
Random key and Hash key
A different random key must be generated at each connexion. Popsell recommends a minimum of 16 random characters.
A static Key is also created, and stored in the Popsell Manager.
The Hash is a SHA-256 hash of:
Customer ID
Random Key
Static Key
Each parameter is separated by the “|” (pipe) character.
Each random key is stored by Popsell, and can only be used once.
Example
Here is an example of a SSO url:
https://brand.popsell.com/ssoundefined?gender=M&firstn=Paul
&lastn=Cassidyundefined&email=pc@popsell.com
&cid=0012345
&dob=12111990
&rk=O785gzYt5x848fe9
&hk=4E2817C47D7BB9DC1924407132246F1D88388A58A206555503D730F4202869A4
In this example, the hash key is a sha-256 hash of:
0012345|O785gzYt5x848fe9|0123456789012345
General Terms and Conditions
Two options are available:
Display of the Popsell Landing page:
This option displays the landing page on the Popsell platform when the user logs in for the first time, enabling to approve the Popsell General Terms and Conditions.
Direct provisioning:
The SSO registering process bypasses the acceptance of the Popsell terms and conditions. Thus, they should be accepted previously on the brand site, through another terms and conditions process.
The user must be aged 18+, and this has to be checked prior to sending the SSO provisioning URL.
Email confirmation
The user’s email is not verified by Popsell. It is assumed that the brand is sending a valid email address.
Web service to update the user’s data
A web service is available to enable to update any user’s data, independently of an SSO process.
URL is: https://brand.popsell.com/sso-ws or https://brand-specific-domain.com/sso-ws
URL parameters are the same as the one used for SSO provisioning and login.
Web service return code:
0 | OK (Data updated) |
202 | Invalid Hash |
601 | Ambassador not found |
Other | See details in Popsell API error codes |
Technical support
For any support, or any specific demand, please contact Popsell at: tech@popsell.com