Ruby && Rails : FreshDesk : SSO[Single Sign On]

Here is how SSO/ Remote Authentication works:

  • A user (agent/customer) wants to remotely log into your support portal.
  • You redirect the user to a remote login page you set up.
  • The user enters his login credentials and you validate him.
  • You perform an HMAC-MD5 hash on his login details (name, secret key, email and time stamp in that order) using the secret key Freshdesk shares with you and generate a hash.
  • You send Freshdesk the encrypted value and the user’s login details this way:
['freshdesk_domain_name']+"login/sso?name=
"+current_user.username+
"&email="+current_user.email+
"&timestamp="+utctime+
"&phone="+phone+
"&company="+company+
"&hash="+gen_hash_from_params_hash(utctime)
  • Freshdesk performs the same HMAC-MD5 hash on his login details using the secret key and checks if the resulting hash matches the hash you sent.
  • If they match, Freshdesk knows that the user has been validated by you already and grants access to your portal.

 

First Generate MD5 Hash from

# Gets MD5 HASH from some unique keys to be passed to FreshDesk
# @return [String] A Digest
def gen_hash_from_params_hash
  digest = OpenSSL::Digest.new('MD5')
  OpenSSL::HMAC.hexdigest(digest, sso_secret, url_params)
end

 

# Gets URL params in GET format
# @return [String]
# Note: This method is no more supported from May 2016
def url_params
  "#{username}#{email}#{time_in_utc}"
end
# Gets URL params in GET format
# @return [String]
def url_params
  "#{username}#{ENV['FRESHDESK_SSO_SECRET_KEY']}#{email}#{time_in_utc}"
end
 # Gets time in UTC for FreshDesk to compare with # @return [Time] def time_in_utc Time.now.getutc.to_i.to_s end

And finally you can generate the SSO URL for your client

# Gets URL along with params required to authenticate to FreshDesk
# Its a instance method
# @return [String]
def get_redirection_url
  sso_domain + "/login/sso?name=" + username +
      "&email=" + email +
      "&timestamp=" + time_in_utc +
      "&hash=" + gen_hash_from_params_hash +
      "&redirect_to=" + redirect_url +
      "&company=" + get_company
end

 

 

Useful links

https://support.freshdesk.com/support/solutions/articles/31166

https://github.com/kirandarisi/freshdesk_sso

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s