How to Enable JWT Single Sign-On
With ProProfs Knowledge Base, you can use JSON Web Token (JWT) to implement Single Sign-On (SSO). Single Sign-On lets you sign in to multiple websites with the same credentials. JWT SSO works by creating a digitally signed token in JSON (JavaScript Object Notation) format, which is then used for authentication and granting access.
There are various parameters that need to be defined before a JWT is generated:
1. Manual Parameters (To be entered by the user)
Name | Type | Description |
key | Required | Private Site API key (MD5-hashed) |
user_email | Required | User’s email, used to give access to sites accordingly |
site_access | Optional | Site IDs (comma separated) |
guest | Optional | The default value is true. Set it to false if you don't want to access the FAQs as a guest user. |
2. Automatic Parameters (Will be generated & taken automatically)
Name | Type | Description |
iat | Required | Token issued-at time, which makes the token valid for only 3 minutes (current Unix timestamp) |
jti | Required | Token JWT ID, which ensures that the same token cannot be used again (random hash, minimum 32 characters long) |
Things to Remember:
- Only a user registered in the Knowledge Base can log in using JWT
- Users are authenticated through their Email ID
- The generated JWT is valid only for 3 minutes
- If no Site ID is supplied, the user gets access only to the site that is listed as the domain name (see the PHP code below)
Steps to Enable JWT Single Sign-On
Step 1: Create the PHP code (like the sample given below) and place it on your server.
Sample PHP Code:
<?php
$domain = "http://acme.helpdocsonline.com"; // Change your domain here
$key = md5("key goes here"); // MD5 hash of your private site API key; replace with your own key
$user_email = "acme@pros.com"; // Email of the currently logged-in user
$site_access = "44567,77898"; // Site access (enter Site IDs here)
date_default_timezone_set("UTC");
$now = time();
// Create token header as a JSON string
$header = json_encode(['typ' => 'JWT', 'alg' => 'HS256']);
// Create token payload as a JSON string
$payload = json_encode([
    "iat" => $now,
    "jti" => bin2hex(random_bytes(16)), // 32 hex characters from the CSPRNG, unique per token
    "user_email" => $user_email,
    "site_access" => $site_access,
    "guest" => true // Optional; default is true, set to false to disable guest access
]);
// Encode Header to Base64Url String
$base64UrlHeader = str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($header));
// Encode Payload to Base64Url String
$base64UrlPayload = str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($payload));
// Create Signature Hash
$signature = hash_hmac('sha256', $base64UrlHeader . "." . $base64UrlPayload, $key, true);
// Encode Signature to Base64Url String
$base64UrlSignature = str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($signature));
// Create JWT
$jwt = $base64UrlHeader . "." . $base64UrlPayload . "." . $base64UrlSignature;
$return_url = $domain . "/access/jwtsso/?token=" . $jwt;
// Redirect the browser to the Knowledge Base with the token, then stop the script
header("Location: " . $return_url);
exit;
Step 2: In the code, make sure to enter your domain name, API key and Site ID (optional).
Step 3: Save the changes you have made.
How does JWT SSO work?
Once a user has logged in to your server and attempts to access ProProfs Knowledge Base, the PHP code is executed. The credentials of the user are cross-checked with the Knowledge Base and, if the user exists, a token is generated. The token can then be used to log in. If the token is not used within 3 minutes, the user is denied access. If the user credentials are not found in the Knowledge Base, they are given visitor access to the Knowledge Base.
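The checks a receiving service has to make for these rules to hold (HS256 signature, 3-minute iat window, single-use jti) are shown below as an added example. It is not ProProfs' server code; verify_sso_token(), b64url_decode(), the in-memory $seen store and the demo key are assumptions made for illustration.

```php
<?php
// Added example, not ProProfs code: verify_sso_token(), b64url_decode() and $seen are
// hypothetical; a real service keeps used jti values in shared storage with a TTL.
const MAX_AGE = 180; // the 3-minute validity window, in seconds

function b64url_decode(string $s)
{
    $s = strtr($s, '-_', '+/');
    return base64_decode(str_pad($s, strlen($s) + (4 - strlen($s) % 4) % 4, '='), true);
}

function verify_sso_token(string $jwt, string $key, array &$seen, int $now): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new RuntimeException('malformed token');
    }
    [$h, $p, $s] = $parts;
    // Pin the algorithm; never let the token's own header choose it.
    $header = json_decode((string) b64url_decode($h), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        throw new RuntimeException('unexpected alg');
    }
    // Recompute the HMAC over "header.payload" and compare in constant time.
    $sig = b64url_decode($s);
    if (!is_string($sig) || !hash_equals(hash_hmac('sha256', "$h.$p", $key, true), $sig)) {
        throw new RuntimeException('bad signature');
    }
    $c = json_decode((string) b64url_decode($p), true);
    if (!is_array($c) || !is_int($c['iat'] ?? null) || !is_string($c['jti'] ?? null)) {
        throw new RuntimeException('missing iat or jti');
    }
    if ($c['iat'] > $now || $now - $c['iat'] > MAX_AGE) {   // outside the 3-minute window
        throw new RuntimeException('token expired');
    }
    if (strlen($c['jti']) < 32 || isset($seen[$c['jti']])) { // short or already-used jti
        throw new RuntimeException('jti rejected');
    }
    $seen[$c['jti']] = $c['iat'];
    return $c;
}

// Constructed demo: sign a token as the sample above does, then present it twice.
$enc = fn(string $b) => rtrim(strtr(base64_encode($b), '+/', '-_'), '=');
[$key, $now, $seen] = [md5('constructed-demo-key'), time(), []];
$body = $enc('{"typ":"JWT","alg":"HS256"}') . '.' . $enc(json_encode(
    ['iat' => $now, 'jti' => bin2hex(random_bytes(16)), 'user_email' => 'user@example.com']));
$jwt = $body . '.' . $enc(hash_hmac('sha256', $body, $key, true));
verify_sso_token($jwt, $key, $seen, $now);                  // first presentation
try { verify_sso_token($jwt, $key, $seen, $now); } catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
```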