Integrations and APIs for Service

Get Involved. Join the Conversation.

Topic

    Alan Williams
    RightNow SSO
    Topic posted April 10, 2012 by Alan WilliamsGreen Ribbon: 100+ Points, last edited April 11, 2012 
    2940 Views, 20 Comments
    Title:
    RightNow SSO
    Content:

    Is there any developer documentation on the implementation ans use of the RightNow SAML option(s)?  We have a partner who is getting various error codes and they would like to know what they mean and how to resolve the errors.  Our customer facing documentation on this feature is VERY limited.

     

    SAML configs are set and from a configuration perspective, it looks like all is working, or at least should be.

    Comment

    • Ryan McCullough

      There is a project underway to report these errors in the product error log, but currently the only way to determine what error is occuring is to enable server-side tracing and inspect the trace file. This can only be accomplished by a RN employee.

    • Alan Williams

      Do we have any dev documentation we can give to our Partners for this?

    • Charlie Mopps

      I to would like more information in regards to SAML/SSO integrations on the customer portal. Has there been any update to this?

    • Stephen Pickett

      I'm currently trying to implement this to prove that it works prior to imminent contract signing - without a working demo they will not sign and if they don't sign soon there is serious risk to the project. It is essential that logging is provided and that further detail is provided around integrating with ADFS as that is what most customers want to integrate with!

    • Charlie Mopps

      Stephen,

           If you'd like me to send you all the documentation RightNow has sent to me just drop me a line. We just purchased the module and I'd be happy to tell you about our experiences. Although, I'm not so sure you'd be happy with our results. At this point, unless we have a major breakthrough in communication or they find some long lost documentation they were previously unaware of our projects going to be in serious jeapordy. So far they've been unable to answer even the most rudimentary questions I've asked. Key format, SP connection ID, they have no idea (or at least haven't gotten back to me in days/weeks.) There is absolutely no documentation regarding how to handle the connection once it's established. We'd like to show our agent that the customer has logged in securly. We've gotten no answer at all from Rightnow, and since we can't even establish a connection, we're can't guess our way through it either. I wish you the best of luck.

    • Charlie Mopps

      I just realize I can attach files... here you go. It's not much.

      They keep sending me these 3 links over and over again:

      https://cx.rightnow.com/app/answers/detail/a_id/4288

      https://cx.rightnow.com/app/answers/detail/a_id/5197

      https://cx.rightnow.com/app/answers/detail/a_id/5198

      And of course, there is the section in the manual that pretty much tells you the same thing.

      Then I found these 2 docuemnts. One walks you through how to setup a particular SSO client... but the data the enter during the example is mostly bogus.

      Lastly there's a PDF of a power point presentation from someone that no longer works at rightnow so you can't ask her for help. It has no naration along with it so... it's not very helpful either.

       

    • Charlie Mopps

      Apparently I have to have a new post for each file... heres the other file:

    • Stephen Pickett

      Hi Jerry,

      Thanks for this - I'm not sure yet if it's helpful but if I manage to get any further I'll let you know. Are you trying to integrate with Agent Desktop or Customer Portal?

    • Charlie Mopps

      Customer portal. We're trying securely log in customers so they can discuss their bill via chat. We, at the same time, would like to continue general support via unsecured chat. But we have no way to tell if a user is logged in securely. What little documentation we do have all involves setting up the SSO connection. I litterally have nothing relating to what happens inside the application once the users logged in. I'm hoping it becomes obvious once the connection happens, but we're a long way from that. Also, further down the road we're worried about Single Sign off... but have no documentation on that either.

    • Stephen Pickett

      We are currently implementing for Agent Desktop but will also need to implement for Customer Portal, and we're using Microsoft's ADFS as the Identity Provider. What are you using?

      The way it works is that you go to a page and sign in once (if you are in a proper Windows/AD environment it will log you in without prompting for credentials) and then you have a drop down list of different services. You select the service e.g. Agent Desktop, and click Go then it logs you in. With respect to your use case I'm not sure if this works the way you want it. How are your users accessing your site?

    • Stephen Pickett

      Hi Jerry,

      Just wanted to let you know that with the very much appreciated help of Chris Fellows at Oracle I now have AD integration with Agent Desktop working, and this should be the same for Customer Portal with the exception of the URL, I believe.

      So the instructions in the manual that you gave me were correct, where it was faling over was in the certificates and this is no fault of Oracle - ADFS was not using the correct certificate to sign the request. What we did to fix this was to:

      • Ensure that the thumbprint used is the same as in AD FS 2.0 -> Service -> Certificates -> Token-signing
      • Remove any spaces from the thumbprint
      • Export the certificate using Base 64 Encoded and rename the extension to *.pem
      • Upload the *.pem certificate in the File Manager to Additional root certificates (under Switch to)

      I hope this is helpful to you and anyone else. I haven't yet implemented the CP integration yet but am sure it will be easy enough now that I understand the issue here. If you need any help and I can be in anyway useful please let me know.

    • Charlie Mopps

      Thanks, I'll pass this along to our SSO staff. When you uploaded the cert to the file manager, do you just drop it in that main folder or is there something else you need to do with it?

    • Stephen Pickett

      Nope, didn't do anything to it other than what I have noted above, we just dropped it in the main folder.

    • Charlie Mopps

      Just as a followup, it was pretty much impossible to get this implimented without Chris Fellows help. He mentioned they are re-writing documentation to replace the current info. I don't see how anyone could impliment this with whats currently on the support site. Thanks to Chis for making time for us.

    • Stephen Pickett

      Hi Jerry,

      Glad you got it working. You're right, it's impossible to get it running without better documentation so hopefully their improvements will make it easier for others purchasing this.