Integrating SSO provider with Escenic and Vizrt Community Engine plugin
Vizrt Community Engine plugin from version 3.4.X, compatible with Escenic Content Engine 5.1.X, comes with the out-of-the-box support for third party authentication providers which simplify (remove) registration process for provider’s users. Community Engine currently supported providers are Facebook, Google, Yahoo and OpenID but it is easy to add new ones. More information on Escenic SSO support can be found at Vizrt documentation portal.
1. The first step is to learn more about a chosen provider API. The most important is to learn what is needed to make API calls. For example some providers (most of them) require a developer registration after which they provide access to API.
2. The second step is to provide user with “Login with …” link on the homepage, the easiest way to do this is to just paste some JavaScript which most providers offer, e.g. for Facebook (using HTML5):
<div id="fb-root"></div> <script>(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_US/all.js#xfbml=1&appId=APP_ID"; fjs.parentNode.insertBefore(js, fjs); }(document, 'script', 'facebook-jssdk'));</script> <div class="fb-login-button" data-show-faces="true" data-width="200" data-max-rows="1"></div>
3. The third step is to insert SSO provider to the Escenic database. Please take note of provider ID because it will be needed in next step:
INSERT INTO GCE_SSOProvider VALUES(5, ‘providerName’);
4. Register onlogin event which is also called the ‘return URL’: the URL on your site where providers redirect the user after a successful login. Set url to ‘auth/login.do’ struts action (defined by Vizrt Community Engine), and passing parameter ‘providerId’ with value of ID used in previous step. For Facebook it will be:
<script> FB.Event.subscribe('auth.login', function () { window.location = "${publication.url}auth/login.do?providerId=5"; }); </script>
5. Develop a provider class which must extend Escenic ‘AbstractProvider’ class, which requires the implementation of the following methods:
- public SSOUser login(HttpServletRequest servletRequest, HttpServletResponse servletResponse) throws ProviderFailureException
- public void logout(HttpServletRequest paramHttpServletRequest, HttpServletResponse paramHttpServletResponse) throws ProviderFailureException
‘login’ method must fetch user data from the request (usually providers sends request parameters when redirecting to specified URL) but there are also providers which requests that you make additional API call to get user data. After collecting user data from provider, SSOUser object must be created and returned by method.
‘logout’ method can just call provider API logout method.
After implementing this class, it must be deployed to the global classpath. For Tomcat that means ‘${CATALINA_HOME}/lib’ directory.
6. Create or edit two property files on your Escenic configuration location (eg. “/etc/escenic/engine/common/com/escenic/community/sso/”)
a) ‘ProviderLocator.properties’ with the following content:
$class=com.escenic.community.sso.ProviderLocator provider.facebook=./FacebookProvider provider.openid=./OpenIDProvider provider.google=./GoogleOpenIDProvider provider.yahoo=./YahooOpenIDProvider provider.providerName=./ProviderName
b) ‘ProviderName.properties’ with the following content:
$class=’ProviderClass fully qualified name’
If SSO provider specified some kind of API key, add it to this file and develop getters and setters for it in the provider class.
7. Restart Escenic Content Engine and you are ready to sign in with your Facebook, Twitter, Google or some other account!