The Shared Login plugin allows third-party systems to automatically log clients into Blesta.

Installing Shared Login

The Shared Login plugin can be installed under [Settings] > [Company] > [Plugins] > [Available].

Configuring Shared Login

The Shared Login plugin can be configured under [Settings] > [Company] > [Plugins] > [Installed] by clicking the Manage button next to the plugin.

| Option | Description |
| --- | --- |
| Shared Key | The key used to compute the HMAC-SHA256, which is used to authenticate users. |

Using Shared Login

The Shared Login plugin works by accepting a GET request to a specially crafted URL, which then initializes a session within Blesta. Users can either be redirected to the specially crafted URL, or an AJAX request can be made from the user's browser.

The format of shared login URLs is:

https://yourdomain.com/path_to_blesta/plugin/shared_login/?u=CLIENT_USERNAME&t=UNIX_TIMESTAMP&r=REDIRECT_URI&h=HMAC_SHA256

| Parameter | Description |
| --- | --- |
| u | The client's username in Blesta. |
| t | The current Unix timestamp. |
| r | The URI to redirect the client to. The location where clients should be directed to after logging in. If performing a request via AJAX this value is ignored. If not set, the user will be redirected to the Blesta client interface. |
| h | The token used to verify the content of the request is valid and unaltered. This is an HMAC-SHA256 hash of the current time, username, and redirect URI, using the Shared Key as the key. |

How to compute the hash

<?php
// The key from [Settings] > [Company] > [Plugins] > [Shared Login]
$key = "0123456789abcdef0123456789abcde";
$t = time();
$u = "client_username";
$r = "https://mydomain.com/";

$h = hash_hmac("sha256", $t . $u . $r, $key);

?>

If you have issues authenticating, ensure the time is correct on both your Blesta server and the server the user is connected to. The shared login system will tolerate up to 30 minutes of clock drift.
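
The following added example is not part of the original page and is not Blesta's plugin code. It wraps the hash computation above in a helper and mirrors the checks a receiving side has to make: recompute the HMAC, compare it in constant time, and reject timestamps outside the 30-minute tolerance. The function names, the `MAX_DRIFT` constant and the sample values are assumptions for illustration.

```php
<?php
// Added example; function names and sample values are hypothetical.
const MAX_DRIFT = 1800; // 30 minutes, the tolerance stated on this page

// Build a shared login URL in the documented format: HMAC-SHA256 over t . u . r
function shared_login_url(string $base, string $key, string $u, string $r = "", ?int $t = null): string
{
    $t = $t ?? time();
    $h = hash_hmac("sha256", $t . $u . $r, $key);
    return $base . "?" . http_build_query(compact("u", "t", "r", "h"));
}

// Illustrative receiver-side check: returns the username on success, null otherwise
function verify_shared_login(string $url, string $key, ?int $now = null): ?string
{
    $now = $now ?? time();
    parse_str((string) parse_url($url, PHP_URL_QUERY), $q);
    $u = $q["u"] ?? "";
    $t = $q["t"] ?? "";
    $r = $q["r"] ?? "";
    $h = $q["h"] ?? "";
    // Reject array parameters (e.g. u[]=x) before they reach the hash function
    foreach ([$u, $t, $r, $h] as $v) {
        if (!is_string($v)) {
            return null;
        }
    }
    if ($u === "" || !ctype_digit($t)) {
        return null;
    }
    // Reject timestamps outside the drift window, which bounds how long a URL stays usable
    if (abs($now - (int) $t) > MAX_DRIFT) {
        return null;
    }
    // Recompute the HMAC and compare in constant time
    $expected = hash_hmac("sha256", $t . $u . $r, $key);
    return hash_equals($expected, $h) ? $u : null;
}

// Constructed sample values
$key = "0123456789abcdef0123456789abcde";
$base = "https://yourdomain.com/path_to_blesta/plugin/shared_login/";
$url = shared_login_url($base, $key, "client_username", "https://mydomain.com/", 1700000000);

var_dump(verify_shared_login($url, $key, 1700000000));        // unmodified URL
var_dump(verify_shared_login($url, $key, 1700000000 + 3600)); // checked an hour later
$tampered = str_replace("client_username", "other_user", $url);
var_dump(verify_shared_login($tampered, $key, 1700000000));   // username altered after signing
```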

Redirect Example

<?php
// The key from [Settings] > [Company] > [Plugins] > [Shared Login]
$key = "0123456789abcdef0123456789abcde";
$t = time();
$u = "client_username";
$r = "http://mydomain.com/";
$h = hash_hmac("sha256", $t . $u . $r, $key);

header("Location: " . "https://yourdomain.com/path_to_blesta/plugin/shared_login/?" . http_build_query(compact("t", "u", "r", "h")));
exit;
?>

AJAX Example

<?php
// The key from [Settings] > [Company] > [Plugins] > [Shared Login]
$key = "0123456789abcdef0123456789abcde";
$t = time();
$u = "client_username";
// r is not sent with the AJAX request, so it is left empty here
$r = "";
$h = hash_hmac("sha256", $t . $u . $r, $key);

$url = "https://yourdomain.com/path_to_blesta/plugin/shared_login/";

// Emit values as JavaScript literals; HTML entities are not decoded inside a script element
$js = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
?>

<script src="https://code.jquery.com/jquery-1.10.1.min.js"></script>
<script type="text/javascript">
$(document).ready(function() {
    $.get(
        <?php echo json_encode($url, $js);?>,
        {u: <?php echo json_encode($u, $js);?>, t: <?php echo json_encode($t, $js);?>, h: <?php echo json_encode($h, $js);?>},
        function(data) {
            if (data.success)
                alert('logged into Blesta');
            else
                alert('login failed!');
        },
        'json'
    );
});
</script>