27.7.12

Single Sign-On (sso) - Netvibes Documentation - manager [Documentation]

Single Sign-On (sso)

Single sign on allows an existing user management system to be integrated with the dashboard. User accounts can be created and accessed based on their session with a separate system. Users can access their dashboard account seamlessly without having to log in a second time.
The behaviour for users is as follows. When a new user visits the dashboard, a new Netvibes account, based on their email address, is created for them. The account is created on the fly and they are automatically logged in and presented with the dashboard. There is no interaction required by the user.
Existing Netvibes users are asked if they wish to link their existing Netvibes account with the new dashboard. On their successful authentication and approval, they are automatically logged in and the dashboard is added to their “Dashboards” list.

SSO integration

The dashboard must be integrated using the simple, non-JavaScript iframe method.
The iframe calls a different script, and its URL carries several additional pieces of information: the current timestamp, the public key, the email of the user who is logged in, and a hash of these items computed with the private key. Generating this URL requires some logic on the partner's site (generating the timestamp, SHA1 hashing, accessing the user's email address).
The same script is called regardless of whether the user is, or is not, an existing Netvibes user. Based on the user_email parameter, the user is either logged into their existing account or a new account is created for them on the fly.
The public and private keys for the dashboard, which are used in the url, can be generated in the Single Sign On section of the NPD Manager.
An example of the URL that should be called in the iframe (please note that all keys are samples for demonstration purposes and will not work):
http://www.netvibes.com/partner/[name of public page].php?api_key=af8adac8807092b1e1e21662dda56142f3aa5b99&timestamp=1275496157&user_email=test@test.com&sign=a8e50e34bd60206ac8a06b60b05bdc1f8a7609f6
The url is constructed using the following parameters:
api_key
Public key provided by Netvibes.
e.g. af8adac8807092b1e1e21662dda56142f3aa5b99
timestamp
A 10-digit UNIX timestamp reflecting the current UTC time, e.g. generated with the time() function in PHP.
e.g. 1275496157
user_email
The email address identifying the user to be logged into Netvibes
e.g. test@test.com
private_key
The private key provided by Netvibes. This is not used in the final url but is used to construct the sign value.
e.g. 3Ebac988343201cf3c7336684a3656ff3c2cd3d4
sign
The sign value is the SHA1 hash of all parameter names and values, sorted alphabetically and concatenated, followed by the private key.
That is, in PHP (schematically):
sha1(api_key[api_key_value]timestamp[timestamp_value]user_email[user_email_value][private_key])
Using the sample data in the example, the following would be used in PHP:
sha1('api_keyaf8adac8807092b1e1e21662dda56142f3aa5b99timestamp1275496157user_emailtest@test.com73d094de8d9a3ec3f6f4956616bec41aa9a1bb1d')
With a resulting value of:
a8e50e34bd60206ac8a06b60b05bdc1f8a7609f6
It is very important that the construction of the sign value is done on the server side so as not to expose the private key or message used in the hash.
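The signing procedure above, as an added server-side PHP example (not Netvibes code). The environment variable names, the placeholder key values and the partner page name are assumptions; the sign is computed over the raw parameter values and the query string is percent-encoded afterwards.

```php
<?php
// Added example, not Netvibes code. Key values, environment variable names
// and the partner page name below are placeholders/assumptions.

// sign = SHA1 of every parameter name and value, concatenated in
// alphabetical order of name, followed by the private key.
function netvibes_sso_sign(array $params, string $privateKey): string
{
    ksort($params, SORT_STRING);      // api_key, timestamp, user_email
    $message = '';
    foreach ($params as $name => $value) {
        $message .= $name . $value;   // raw values, not URL-encoded
    }
    return sha1($message . $privateKey);
}

// Build the iframe URL for the user of the current server-side session.
function netvibes_sso_url(string $baseUrl, string $apiKey, string $privateKey,
                          string $userEmail, ?int $now = null): string
{
    // Take the email from the authenticated session, never from request
    // input: whoever controls it chooses which account is logged into.
    if (filter_var($userEmail, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid user email');
    }
    $params = [
        'api_key'    => $apiKey,
        'timestamp'  => (string) ($now ?? time()),  // 10-digit UNIX time (UTC)
        'user_email' => $userEmail,
    ];
    // The private key is used only inside the hash; it never enters the URL.
    $params['sign'] = netvibes_sso_sign($params, $privateKey);
    return $baseUrl . '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

// Constructed placeholder values so the script runs stand-alone.
$apiKey     = getenv('NPD_SSO_API_KEY') ?: 'PLACEHOLDER_PUBLIC_KEY';
$privateKey = getenv('NPD_SSO_PRIVATE_KEY') ?: 'PLACEHOLDER_PRIVATE_KEY';
$baseUrl    = 'http://www.netvibes.com/partner/PLACEHOLDER_PAGE.php';

$src = netvibes_sso_url($baseUrl, $apiKey, $privateKey, 'test@test.com');
// Escape the URL for the HTML attribute when emitting the iframe.
echo '<iframe src="' . htmlspecialchars($src, ENT_QUOTES) . '"></iframe>', PHP_EOL;
```

Generate the URL on each page render so the timestamp reflects the current time, and keep the private key out of templates, client-side scripts and logs.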

Cookies


Cookies are an option of the Single Sign On feature. They allow extra parameters added to the URL to be transformed into cookies. This is available only with the SSO option.
If you include data about, for example, “pref1, pref2” and append them as parameters to the SSO URL (e.g. ?…&pref1=red&pref2=45), pref1 and pref2 will be stored in the user's cookie (but not any other pref, in that example).

Restrict Access


By default, new dashboards are publicly accessible. To restrict access so that only authorized users can access the dashboard, check “Restrict access to your NPD” under the “Restrict access” section. Users will then be required to log in using an authorized account in order to access the dashboard. See the users section for enabling access to users.
Checking “Make your NPD on Netvibes domain inaccessible” will hide your NPD from the Netvibes.com URL.

Guest Pass

A guest pass allows you to easily share dashboards with selected users, without the need to create user accounts.

Create Guest Pass

Go to the Guest Pass menu of your dashboard. Click on Create Guest Pass: it will generate 2 URLs.
  • The 1st one is the guest pass to the dynamic dashboard.
  • The 2nd one is a read only version of your dashboard.
You can choose to add a password to your guest pass: when users enter the URL of the guest pass, they will be asked for it. When accessing a password-protected guest pass, the name field should be left blank and only the password should be entered.
That password can be found in the NPD manager if you forget it: just mouse-over the lock in the guest pass you protected.

Delete Guest Pass

Deleting a guest pass will revoke access from all of those users who accessed the dashboard using that particular guest pass.
To delete a guest pass, select the one you want to delete in the dropdown menu. Click Delete Guest Pass.

Custom DNS


As well as the iframe implementation, Netvibes also supports custom DNS. In this implementation, the whole dashboard is served from the partner (sub)domain.
  • Enter your host name in the box (www.mysitename.com)
  • Ask the sysadmin of your domain to update the following three hostnames to point to the public IP of Netvibes (replace www.mysitename.com with your own hostname):
   www.mysitename.com
   modules.www.mysitename.com
   *.modules.www.mysitename.com
  • Request a sysadmin at Netvibes to update our server configuration