elb98rm, Member
Hi,
We're arranging a single sign on solution, and we're looking to debug what happens in certain conditions.
For example there is a difference in your described method:
http://mydbr.com/doc/content/prefs.sso.html
At first it says: sha1( user + name + groups + email + admin + token + secret )
Then in the code sample it shows:
sha1( $user . $name . $groups . $token . MYDBR_SECRECT );
Is there a login attempts log we could review?
Cheers
Rick
myDBR Team, Key Master
The SugarCRM code example does not use all the fields as some of them are optional.
Take a look at the example code at mydbr/user/sso/sso_example.php. This is the easiest place to start.
--
myDBR Team
elb98rm, Member
Hi,
The reason I'm asking is that if you hash different things together it's DEFINITELY not going to work...
We have the following working:
sha1( user + name + groups + email + admin + token + secret )
And the following doesn't work:
sha1( $user . $name . $groups . $token . MYDBR_SECRECT );
^ the above two are not the same at all.
Anyways - the question is: We have some things working at the moment, but is there a login debugging tool?
We'd like to be able to see error messages and logs for mydbr, to enable us to tweak these things (and see the results of things failing).
myDBR Team, Key Master
The reason I'm asking is that if you hash different things together it's DEFINITELY not going to work...
The purpose of the hash is to make sure that the request comes from valid source. Please remember that the hash is always connected with the other parameters in the URL. Therefore both examples above are correct.
All the values included in the hash needs to be inlcuded as parameters and vice versa, if your has does not contain specific parameters, you should not incldue them as parameters.
You can verify your request in your SSO module. If the login_sso.php-URL generated complies with the SSO protocol, myDBR will let user in.
--
myDBR Team
You must log in to post.