Developer Center

SSO API Configuration Options

The Single Sign-On Configuration screen in the channel administration interface allows you to adjust a number of parameters that control the operation of the SSO mechanism.

Cookie Name

Required. The name of the HTTP cookie that will be used to identify and authenticate visitors.

For example, if your site was hosted at www.example.net, it might send cookies via headers that look like the following:

Set-Cookie: SID=732423sdfs73242; expires=Fri, 31-Dec-2010 23:59:59 GMT; path=/; domain=.example.net

In this case, you would configure the SSO Cookie options with a cookie name of SID.

Validation API URL

Required. Web address for the validation URL on your server that will accept a cookie value and reply with information about the current user.

You can include $COOKIE in this URL to embed the cookie value in a specific location, or leave it out to have it passed as a query string parameter named cookie=.

The following examples show some ways these substitutions can be used:

  • http://www.yoursite.com/cgi-bin/validate.cgi
  • http://www.yoursite.com/cookie_info.php?auth=123&token=$COOKIE
  • http://www.yoursite.com/service/userauth/$COOKIE/validate

Validation Call Style

You can control whether the request to your validation URL is made via an HTTP GET or POST method.

You can also choose whether the user’s token is passed to your validation URL as a form-style parameter or as a Cookie header.

Login Page URL

Required. Web address for a page on your server that allow the user to log in and mark them as authenticated, then redirect them to a specified destination. When users click on the “sign in” link on your channel site, or request a page that requires authentication, they will be redirected to here.

You can include $TARGET in your URL pattern to embed the destination in a specific location, or leave this out to have it included as a query string parameter named target=.

The following examples show some ways these substitutions can be used:

  • http://www.yoursite.com/cgi-bin/login.cgi
  • http://www.yoursite.com/authenticate.php?redirect=$TARGET
  • http://www.yoursite.com/user/login/$TARGET

Log Out URL

Recommended. Web address for a script on your server that will mark the current user as no longer authenticated, then redirect them to a specified destination. If this value is set, when users click on the “sign out” link on your channel site, they will be redirected to here.

You can include $TARGET in your URL pattern to embed the destination in a specific location, or leave this out to have it included as a query string parameter named target=.

The following examples show some ways these substitutions can be used:

  • http://www.yoursite.com/cgi-bin/goodbye.cgi
  • http://www.yoursite.com/unregister.php?redirect=$TARGET
  • http://www.yoursite.com/user/logout/$TARGET

Account Update URL

Recommended. Web address for a page on your server that allows the current user to update their email address, password, user name, user photo, and similar information. If this value is set, requests for the /account/account and /account/profile pages on your channel site will be redirected to here.

The following examples show some ways these substitutions can be used:

  • http://www.yoursite.com/cgi-bin/userinfo.cgi
  • http://www.yoursite.com/user/update.php

User List URL

Optional. Web address for a page on your server that shows a list of user accounts. If this value is set, requests for the /users/ page on your channel site will be redirected to here.

The following examples show some ways these substitutions can be used:

  • http://www.yoursite.com/cgi-bin/userlist.cgi
  • http://www.yoursite.com/community
  • http://www.yoursite.com/users/list.php

User Profile URL

Optional. Web address template for a page on your server that shows information about a single user. If this value is set, requests for the /user/UNIQUEID pages on your channel site will be redirected to here.

You can include $HANDLE or $XID in your URL pattern to use the user name or your numeric ID in the address, or leave these out to have them both included as query string parameters named handle= and xid=.

The following examples show some ways these substitutions can be used:

  • http://www.yoursite.com/cgi-bin/userdata.cgi
  • http://www.yoursite.com/users/list.php?handle=$HANDLE
  • http://www.yoursite.com/profile/$XID