How to Enable JWT Single Sign-On
Enable JSON Web Token (JWT) Single Sign-On (SSO) with ProProfs Knowledge Base. JWT SSO provides access to multiple websites using a single set of credentials. With this authentication method, you can create a digitally signed token in JSON (JavaScript Object Notation) format, which grants users access.
JWT SSO offers several key benefits:
- Effortless Authentication: Users can access multiple websites with a single set of credentials, eliminating the need to remember multiple passwords.
- Enhanced Security: JWT SSO utilizes digital signatures, ensuring secure authentication and access control.
- User Convenience: With JWT SSO, users are authenticated using their email addresses, simplifying the login process.
To Enable JWT Single Sign-On
Step 1: Configure Manual Parameters
Before generating a JWT, you need to define specific parameters manually:
| Parameter | Type | Description |
|---|---|---|
| key | Required | Your Private Site API key (md5 encrypted) |
| user_email | Required | User’s Email to grant access to sites |
| site_access | Optional | Site ID's (comma-separated) for access (leave empty if not needed) |
| guest | Optional | Default value is true. Set to false if guest access is not required |
Note:
- You can obtain your API Key by going to Settings > Private sites.
- Site ID can be found by navigating to Sites > Manage sites.
Step 2: Automatic Parameters
The following parameters are generated automatically:
| Parameter | Type | Description |
|---|---|---|
| iat | Required | Token Issued at Time to make it valid for 3 minutes (Current Unix timestamp) |
| jti | Required | Token JWT ID to prevent reuse (Random hash, minimum 32 characters long) |
Step 3: Implement PHP Code (Sample)
To enable JWT SSO, insert the provided PHP code into your server. Make sure to customize it according to your needs:
$key = md5("key goes here"); // Change to your md5 encrypted key
$user_email = "acme@pros.com"; // Add the email of the current login
$site_access = "44567,77898"; // Access of site (Enter Site ID here)
date_default_timezone_set("UTC");
$now = time();
// Create token header as a JSON string
$header = json_encode(['typ' => 'JWT', 'alg' => 'HS256']);
// Create token payload as a JSON string
$payload = json_encode([
"iat" => $now,
"jti" => md5($now . rand(100, 10000)),
"user_email" => $user_email,
"site_access" => $site_access,
"guest" => true, // Set to true or false (optional)
]);
// Encode Header to Base64Url String
$base64UrlHeader = str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($header));
// Encode Payload to Base64Url String
$base64UrlPayload = str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($payload));
// Create Signature Hash
$signature = hash_hmac('sha256', $base64UrlHeader . "." . $base64UrlPayload, $key, true);
// Encode Signature to Base64Url String
$base64UrlSignature = str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($signature));
// Create JWT
$jwt = $base64UrlHeader . "." . $base64UrlPayload . "." . $base64UrlSignature;
$return_url = $domain . "/access/jwtsso/?token=" . $jwt;
header("location: " . $return_url);
Sample request URL
page specifies the redirected page parameter, while key and value are used for SSO parameters.
https://<Site URL>/access/jwtsso/?page=home&
Optional Parameters:
Add SSO Parameters to the Token - We can add SSO parameters to the JWT payload using additional parameters. Here, we’ve named the additional parameter sso_params, which holds your SSO-related key-value pairs:
The payload will look like this:
Return page parameter - We can redirect the user to a specific page using the "Page" parameter in the JWT payload, as shown below:
Step 4: Save the changes you've made.
With these steps, you can enable JWT Single Sign-On for ProProfs Knowledge Base, providing your users with a secure and convenient authentication method.
That's all about enabling JWT Single Sign-On. If you encounter any issues or have any questions, don't hesitate to reach out to our support team.
Related Articles: