Customer Portal

Get Involved. Join the Conversation.

Topic

    Outspark
    Pass-through Authentication ProblemsAnswered
    Topic posted December 8, 2008 by Outspark Green Ribbon: 100+ Points, last edited October 29, 2011 
    3058 Views, 16 Comments
    Title:
    Pass-through Authentication Problems
    Content:

    Hey All,

     

    I am tying RN into our company site. I am dynamically generating (in PHP) a url, which is later used to perform a redirect. I am trying to redirect a user to RN, passing the required arguments, which is supposed log a user into RN and/or create a new user record if that user does not exist. I talked to a project manager at RN... she mentioned that my script is using a deprecated address to the end-user interface, but I followed the exact instructions of integration guide 8.2...

     

    Can someone please take a look and verify that I am taking the appropriate steps?

     

    <code>

     

    $params['p_userid'] = 12341234;  // phony data
    $params['p_passwd'] = 's8df6tsdf76tsd';
    $params['p_email'] = 'nobody@nowhere.com';
    $params['p_li_passwd'] = 'mymyseclipasswd';
      

    // iterate through array and url encode + build queryparam string
      foreach ($params as $key => $value) {
       
       $params_str .= $key.'='.urlencode($value).'&';
      }

     

    // declare base redirect url
    $redirect_url = 'http://<some company>.custhelp.com/cgi-bin/<some company>.cfg/php/enduser/entry.php?p_li=';

    // append encoded query param string (substr to remove trailing amper)
    $redirect_url .= base64_encode(strtr(substr($params_str, 0, -1), array('+' => '_', '/' => '~', '=' => '*')));

     

    // redirect browser

    header("Location: $redirect_url");

    exit;

     

    </code>

    Best Comment

    Ernie Turner

    When I decode the string, this is what I'm getting

     

    [p_userid] => none [p_passwd] => password [p_email.addr] => none@none.com [p_li_passwd] => myseclipasswd&

    As you can see, the extra & at the end of p_li_passwd is whats causing this problem. When you're iterating over the parameters, just make sure you dont append the & to the end of the last item and that should fix it.

     

     

    Comment

    • Outspark

      Just an update....

       

      i've change the url to: 'http://<company>.custhelp.com/ci/pta/login/redirect/answers/list/p_li/' + the encoded query param string.

       

      I have tried testing to see if RN PTA would create and auto-login the user session, but it redirects back to our site (in this case, I have set the external login url to the script that redirects the browser to RN, so the session goes into an infinite loop). So naturally, RN's PTA sees the user data as non-existent and denies the authentication attempt, instead of creating a new contact record.

       

      Help is appreciated!

    • monique perkins

      You appear to have the correct url now

       

      Can you get to your site with the regular url

      http://<company>.custhelp.com/app

    • Outspark

      I've tried to access http://outspark.custhelp.com/app, which is redirecting the user back to my script, which redirects the user back to RN (since the user is logged into our site, my script redirects the user back to RN with user credentials encoded in the query param)

       

      I think this should give more visibility in what the request looks like:

       

      unenc query param (fake data):

       

      p_userid=12341234&p_passwd=187y1c781gv87&p_email=nobody%40nowhere.com&p_li_passwd=sd87f8sd7f

       

      encoded url:

       

      http://outspark.custhelp.com/ci/pta/login/redirect/answers/list/p_li/cF91c2VyaWQqY2xvdWRraWNrZXImcF9wYXNzd2QqZWNkNThhNTgxNzE0OTg5YjA1NzQmcF9lbWFpbCp2aWMuY2hveSU0MGdtYWlsLmNvbSZwX2xpX3Bhc3N3ZCp0emtmejU2NCUyMQ==

    • monique perkins

      PTA redirects to the value set in MYSEC_EXT_LOGIN_URL on a failed attempt.

       

      You might want to switch that to something besides your script so you don't get into an infinite loop on a failed login.  If you are getting redirected then something in your encoded string is not correct. 

       

      I'll verify you are using the correct encoding....

    • Outspark

      Monique,

       

      I am urlencoding the values of each key/value pair, following a base64_encode on the query param string once all k/v pairs have been placed in the query param string... if that helps you shed some light on my problems :D

       

      <example>

       

      $query_params = base64_encode('p_userid=12341234&p_passwd=187y1c781gv87&p_email=nobody%40nowhere.com&p_li_passwd=sd87f8sd7f');

       

      </example>

       

      A quick question... Does RightNow's authentication library only accept numeric values as userid?

    • monique perkins

      1 - userid is the login name so it can be alphanumeric plus many special character.

      2 - When I encode those exact parameters I get your same encoding so that is not the problem.

      3 - Your email has%40 instead of @ which wont be valid.

      4 - make sure your p_li_password matches the config MYSEC_LI_PASSWD

      5 - if you have MYSEC_LI_ERR_ENABLED then verify you are sending in a valid user/pass.email combination for you system (I doubt that email will pass)

       

       

       

    • Outspark
      Hi Monique... strangely, I am not seeing a MYSEC_LI_ERR_ENABLED in the control panel.... could you point me in the right direction?
    • Outspark
      Monique... thanks so much for your help... I was able to get things working! :D
    • anne
      Well, I've the same problems to get PTA working. I'm curious to know about what you did to make it work.
    • monique perkins

      As far as I know he just changed the parameters to correct entries that matched validation and thepassthrough password.  The url for cp is also different. 

       

      1 - the url should be

      'http://<company>.custhelp.com/ci/pta/login/redirect/answers/list/p_li/' + encoded string

      where the terms after redirect/ is the  page you want to got to - ie answers/list

       

      2 - the code to generate the correct url 

       

      $params['p_userid'] = 'joe' $params['p_passwd'] = 's8df6tsdf76tsd'; $params['p_email'] = 'nobody@nowhere.com'; $params['p_li_passwd'] = 'mymyseclipasswd'; // iterate through array and url encode + build queryparam string foreach ($params as $key => $value) { $params_str .= $key.'='.urlencode($value).'&'; } // declare base redirect url $redirect_url = 'http://<some company>.custhelp.com/cgi-bin/<some company>.cfg/php/enduser/entry.php?p_li='; // append encoded query param string (substr to remove trailing amper) $redirect_url .= base64_encode(strtr(substr($params_str, 0, -1), array('+' => '_', '/' => '~', '=' => '*')));

       

      3 - make sure your value for p_li_passwd matches the config in MYSEC_EXT_LOGIN_URL

       

      That should be all you need. That will log in the user if they exist and   If you are stil lhaving problems let me know what you are using for the params.

       

       

    • anne

      Thanks Monique,

       

      However I've the impression that you example isn't right.

      As far as I can see it is the same example as the topic starter started with, so the used URL appears wrong to me and is at least different from the one you mention in your message.

      Furthermore the code creates, I think, the problem with the @ you mentioned in an earlier message.

      Do you agree?

       

      Monique,

       

      I've found a serious problem in the original example of the topic starter.

      He has the variable  p_email instead of p_email.addr.

       

       

      I've implemented your suggestions and when I try the script I end up on the page:

      http://<my company>.custhelp.com/app/utils/login_form/session/L3NpZC9CaWxxR2xuag==

       

      and I still need to login on the customer portal and the new user is not created, so apparently the script is not doing what it is supposed to do.

       

      The script I use is this one:

       

      header("Content-type: text/html; charset=UTF-8");
      $params['p_userid'] = "janpiet";
      $params['p_passwd'] = 's8df6tsdf76tsd';
      $params['p_email.addr'] = 'mrasghfhk@hotmail.com';
      $params['p_li_passwd'] = 'N75JHc,WH9';

       foreach ($params as $key => $value) {
        
         $params_str .= $key.'='.($value).'&';
        }
        //echo $params_str;
        $redirect_url = 'http://<mycompany>.custhelp.com/ci/pta/login/redirect/answers/list/p_li/';
        $redirect_url .= base64_encode(strtr(substr($params_str, 0, -1), array('+' => '_', '/' => '~', '=' => '*')));
        //echo strtr(substr($params_str, 0, -1), array('+' => '_', '/' => '~', '=' => '*'));
        //echo $redirect_url;
         header("Location: $redirect_url");

       

       

      I've removed here the specific company name.

      The details specified are not in the database so the script it supposed to add this information and perform a log in.

       

      I can't find any problems. So please can you look at it?

       

      And just a question that came to my mind:

      The integration manual nov 08 on p 117 says:"After you have completed these steps, you will need to deploy the RightNow Customer Portal."

       

      What is exactly meant by that?

       

    • dmorgan

      monique:

       

      Is the p_li_passwd parameter a must for pta to work? If so, how can I set it's value in cp? What you wrote in step 3 is a bit confusing to me.  Shouldn't MYSEC_EXT_LOGIN_URL's value be the redirect to page url? I appreciate your help in this matter as I'm stuck trying to accomplish this with out passing the p_li_passwd parameter. 

       

       

      3 - make sure your value for p_li_passwd matches the config in MYSEC_EXT_LOGIN_URL

       

       

       

    • Ernie Turner
      No, the p_li_passwd is not required, but its recommended that you use it for security reasons. Monique had a typo in post, she meant to say the value should be the same as what the MYSEC_LI_PASSWD config is set to.
    • dmorgan

      eturner,

       

      Thanks! That is what I thought. I kind of figured it out when no one replied. I found out that the p_li_passwd filed has a value, and I incorporated that into my code but I'm still getting this (http://<some company>.custhelp.com/app/utils/login_form) dreaded page. I'm not redirecting it to our login page for now. The MYSEC_EXIT_LOGIN_URL value is blank for now. I think that is Ok until I get things working. I'm using ASP with JavaScript to implement this. I have a php implementation of it as well but I'm having the same problem. My code for doing this looks like this:

       

      <%
          var params = new Object;
          params['p_userid'] = 'none';
          params['p_passwd'] = 'password';
          params['p_email.addr'] = 'none@none.com';
          params['p_li_passwd'] = 'myseclipasswd';
         
          var params_str = "";
         
          //iterate through array and url encode + build queryparam string
          for (var i in params) {
              params_str = params_str + i + '=' + Url.encode(params[i]) + '&';
          }
         
          // echo params_str
          Response.Write("The param_str is: " + params_str + "<br /><br />");
         
          // declare base redirect url
          var redirect_url = 'http://<some company>.custhelp.com/ci/pta/login/redirect/answers/list/p_li/';
         
          // append encoded query param string
          redirect_url += Base64.encode(params_str);
         
          //echo redirect_url
          Response.Write("The redirect_url is: " + redirect_url + "<br /><br />");
         
          Response.Write("Click here to redirect to: <a href='" + redirect_url + "'>RightNow Customer Portal</a><br />");
         
          // decode the encoded params_str
          Response.Write(Base64.decode(params_str));
         
      %> 

       

      I test it by clicking on the link. 

       

      And the redirect_url for the above parameters is:

       

      http://<some company>.custhelp.com/ci/pta/login/redirect/answers/list/p_li/cF91c2VyaWQ9bm9uZSZwX3Bhc3N3ZD1wYXNzd29yZCZwX2VtYWlsLmFkZHI9bm9uZUBub25lLmNvbSZwX2xpX3Bhc3N3ZD1teXNlY2xpcGFzc3dkJg== 

       

      1. Am I using the right base redirect url (http://<some company>.custhelp.com/ci/pta/login/redirect/answers/list/p_li/)?

       

      2. Do you see any issue with the encoded parameters?

       

      3. We have the August '08 version of the cp, and I have a redirect url base that is in this format http://<some company>.custhelp.com/ci/pta/login/redirect_to/answers/list/p_li/ (notice the redirect_to instead of redirect) in the manual but both versions have the same issue. Could it be something else outside the login script?

       

      Thanks for your help.

       

    • Ernie Turner

      When I decode the string, this is what I'm getting

       

      [p_userid] => none [p_passwd] => password [p_email.addr] => none@none.com [p_li_passwd] => myseclipasswd&

      As you can see, the extra & at the end of p_li_passwd is whats causing this problem. When you're iterating over the parameters, just make sure you dont append the & to the end of the last item and that should fix it.