+1
Fixed

SSO Ruby code fails

jrimmer 7 years ago in New features • updated by Sergey Stukov (co-founder) 7 years ago 16
The SSO Ruby code sample fails in my environment.  Using the sample script accessible via the Ruby link on Ruby 1.9.3 yields the following:

irb(main):028:0* 16.times { |i| message_json[i] ^= iv[i] }
NoMethodError: undefined method `^' for "{":String
from (irb):28:in `block in irb_binding'
from (irb):28:in `times'
from (irb):28

Answer

Answer
Fixed
We added support for ruby 1.9.+ now.

replace 
16.times { |i| message_json[i] ^= iv[i] }
with
16.times { |i| message_json[i] = (message_json[i].ord ^ iv[i].ord).chr }
and all should work
Under review
Will check and apply fix soon
Answer
Fixed
We added support for ruby 1.9.+ now.

replace 
16.times { |i| message_json[i] ^= iv[i] }
with
16.times { |i| message_json[i] = (message_json[i].ord ^ iv[i].ord).chr }
and all should work
Executes fine via IRB.  I'll comment after integrating it.

Code works fine, though I did change

sso_token = ([encrypted_bytes].pack('m*'))

to

sso_token = ([encrypted_bytes].pack('m0'))

as otherwise the browser complains about the carriage returns in the resulting value.


With all of that done unfortunately it doesn't work.  I haven't changed any of the key creation code so any pointers are appreciated. 

Here's a generated javascript request:
<script type="text/javascript">

var _ues = {
  host:'feedback.mirthworks.com',
  forum:'10578',
  lang:'en',
  tab_corner_radius:10,
  tab_font_size:20,
  tab_image_hash:'RmVlZGJhY2s%3D',
  tab_alignment:'right',
  tab_text_color:'#FFFFFF',
  tab_bg_color:'#8CC63F',
  tab_hover_color:'#62C462',
  params:{sso_token:'P+/gdwI9jKhbAJ5mO+fgJuTIXXoKg+pU/KBzcwVJsBY1fm0oWKCjKuY1VvTNcfipyoiapqd7lj87GzYlpL0+EXoSM2Hl+F6SfFqfKCtAUY02+fMQskX8RMo+vtGJxqTmlVTJ2iWRxvFlkQIYCa9i3OxORmHKZSdcL6Ec7tdGq7xKFWsPsyM9w+FW31YYY5iHXNiUBg9JIGTumoixd0NvfEgSYrNp1tfYB+nYRRjCfrj7L7IidVnK/HEJ3f1Mx6dxtcHczjwXWA1hWOKm+1lHEi/bA5JriM6ThJO5fPfZMMQXPK0gQjuBy76YS8PoZIwZ'}
};
(function() {
  var _ue = document.createElement('script'); _ue.type = 'text/javascript'; _ue.async = true;
  _ue.src = ('https:' == document.location.protocol ? 'https://s3.amazonaws.com/' : 'http://') + 'cdn.userecho.com/js/widget-1.4.gz.js';
  var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(_ue, s);
})();
</script>

Note that I also unsuccessfully tested with the key in a straight GET and mucked with the hostname such as 'mirthworks.userecho.com' both to no avail.


Replace last string in the source with
puts url+"/?sso_token=" + CGI.escape([encrypted_bytes].pack('m0')).gsub('+','%2B')
Later edit: Well would you look at that, it's using the test account that I created in Prod to leave this comment, Now I'm definitely confused.

Quandary time.  It works in my test environment but not in production.  I presume there's an environmental difference but I'm at a loss to explain it.


SSO key in Prod:

params:{sso_token:'RQQJKgwLVzxVAgfOZcDo7tA0hfvgEiDJjSRnqgNUV74QHiTMX4fgDVGJpEfpWxlA1zoKWvXxEh9Mf1lRlUoF%2BJWRRGy55g9JsKaCYCI9Tdm6wE1XFgiT4y0YQrkZQIUUqTfF/xqhG1zde7t/MqFatQwYI9BJ02Jrq/5CZ5RNO19pVsdOHHFNyFDB%2BwAhZidKVkf%2BudN4382BswqhkPSmuvhlZXy642%2BJ/55RZ/yXGqeUKbQ8Qhf/bPfOUcUyvtpjORc9Mmi%2BKxUGJztuhglPiuC1u%2BFykRlD6TtP9isT3Kn4UeRpkJgYWh2o0Y4GSmYI'}};
SSO key in stage:
      params:{sso_token:'LY39txV1FcypbzOB9385pRTEI%2B2kEfNxK/gdkTszw%2BEIdmPUgPAgC5txRSlx2noiQg1Bw7oIrzJFW39XCQG12gBLwwlvT9%2BIACfjnNPo2/XP6N/rm2hKaEkOGbX5Z%2BfljpoC/VDZLI/uMzTwVBxueW%2BRDu5A9R6fxNJdQWH5wWG9%2BgEBZpQfasrNlsdm3aL16v7xFVBaKrol7JXreOZu9vnDmXfI4tNp7wC5A9BtpNXKq4ZhnI%2BftrNynBmgHfKa0tvsb8Fp0NaEX73EKGhhBm6Qcp2UbTVeZSmn1I3IMOA='}


The plot thickens.  When a user clicks through to our feedback page the user doesn't show as logged in, but if they then use the URL bar to navigate to http://userecho.com/ then they show as logged in via the SSO mechanism.

Why aren't the users showing as logged in on our page?

Sorted it out.  It appears your SSO functionality is incompatible with your domain aliasing feature.  If I remove domain aliasing and change the 'host:' line in the javascript to refer to the '<site>.userecho.com' name instead SSO works as expected.

I also don't understand the point of adding the login URLs and whatnot to the SSO page as it suggests that doing so will redirect logins to the provided URL but I haven't found that to be the case.  Even with my site SSO'd if I'm logged out and navigate straight to my (non domain-aliased) Userecho site and click login the Userecho login pops up rather than redirecting to the login URL I provided on the SSO page.

We fixed issue and now you support community works on http://feedback.mirthworks.com/


Also now when users click sign-in on the UserEcho side it will redirect user to the your authorization url.

Great, I'll test and report back.
SSO works great but now it's not clear how to login as admins.  Our Userecho accounts know us as admins of Mirthworks but our SSO accounts do not.  Do you need to swap them out or something?
Give us the new ones and we link/merge it with old logins.
old -> new
jrimmer@mirthworks.com -> jrimmer
mhansen@mirthworks.com -> mhansen

We linked your accounts. Please logout and login again.
Looks good, thanks.
Could you update the docs with the suggestions from this bug, I spent a few hours trying to get it to work before I found this.
Sorry for inconvenience we updated ruby example on site.