Single Signon ?

Anonymous 9 years ago in New features • updated by Sergey Stukov (co-founder) 3 years ago 23
Do you support single signon to identify the user


SSO is ready and is in testing stage, all who want to participate in testing, you are welcome
I would also be very interested in this feature. Together with the possibility of switching off shareing on twitter and facebook it would make UserEcho perfect for the user feedback for our online application.
When will there be Single Signon?
We want to use your system but without single signon it is not so helpfull for us.
SSO completed on 95% and we are testing it now. Also we are writing description how to use sso.
Can we be part of a beta test or something?
It is the last important fact to decide if we want to use your system.
We will be glad if you will test the sso. We see you are using php language. We will do our php example and will be sent to your email.
Thank you.
SSO is ready and is in testing stage, all who want to participate in testing, you are welcome
I'd like to participate, whot should I do and where I can get instructions?
We will send instruction to your email. Thank you.
We have fixed sso_token cutting (redirection) and hide alert with email confirmation.
SSO is ready and is in testing stage, all who want to participate in testing, you are welcome
Как на счет плагина к WordPress?

I have made sso work in Java as:

import org.codehaus.jettison.json.JSONObject;
import sun.misc.BASE64Encoder;

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Date;
import java.util.Random;

public class UserEchoSSOTokenGenerator {

  public static final int  BLOCK_SIZE  = 16;
  public static final int  DEFAULT_EXPIRES  = 1 * 24 * 60 * 60 * 1000; // 1 day
  public static final String DEFAULT_USER_LANGUAGE = "en";

  public static void main(String[] args) {

  try {

  if (args == null || args.length != 5) {
  System.out.println("Usage: UserEchoSSOTokenGenerator <api-key> <project-key> <id> <name> <email>");

  String apiKey = args[0];
  String applicationKey = args[1];
  String id = args[2];
  String name = args[3];
  String email = args[4];

  Date expiredDate = new Date(new Date().getTime() + DEFAULT_EXPIRES);
  SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");

  JSONObject attributes = new JSONObject();

  attributes.put("guid", Long.parseLong(id));
  attributes.put("expires_date", dateFormat.format(expiredDate));
  attributes.put("display_name", name);
  attributes.put("email", email);
  attributes.put("locale", DEFAULT_USER_LANGUAGE);
  attributes.put("avatar_url", "");


  byte[] iv = getRandomIV();

  printByes("iv", iv);

  byte[] keyBytes = getKeyBytes(apiKey, applicationKey);

  printByes("keyBytes", keyBytes);

  byte[] inputBytes = attributes.toString().getBytes("UTF-8");

  printByes("inputBytes", inputBytes);

  ivXORFirstBlock(inputBytes, iv);

  printByes("XOR inputBytes", inputBytes);

  // Please note: we don't need to do padding here since the following encryption will handle the padding
  byte[] encryptedBytes = encrypt(inputBytes, iv, keyBytes);

  printByes("encryptedBytes", encryptedBytes);

  String base64Encoded = base64Encode(encryptedBytes);

  System.out.println("\nbase64Encoded: \n");

  String result = urlEncode(base64Encoded);

  System.out.println("\nencoded: \n");
  System.out.println("sso_token=" + result);

  } catch (Exception e) {


  // print out byte values to compare output from other language eg. php
  protected static void printByes(String name, byte[] bytes) {

  System.out.println(" length=" + bytes.length);

  for (int i = 0; i < bytes.length; i++) {
  System.out.print(" ");
  System.out.print(bytes[i] & 0xff);



  private static byte[] getRandomIV() throws UnsupportedEncodingException {

  StringBuilder builder = new StringBuilder();

  Random random = new Random();

  for (int i = 0; i < BLOCK_SIZE; i++) {
  builder.append((char) Math.floor(26 * random.nextDouble() + 65));

  return builder.toString().getBytes("UTF-8");


  private static byte[] getKeyBytes(String apiKey, String applicationKey) throws NoSuchAlgorithmException, UnsupportedEncodingException {

  String message = apiKey + applicationKey;

  MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");

  return Arrays.copyOfRange(messageDigest.digest(), 0, BLOCK_SIZE);


  private static void ivXORFirstBlock(byte[] inputBytes, byte[] iv) {

  // double XOR first block message_json
  for (int i = 0; i < BLOCK_SIZE; i++) {
  inputBytes[i] ^= iv[i];


  private static byte[] encrypt(byte[] json, byte[] iv, byte[] keyBytes) {

  try {

  SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");

  Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");

  IvParameterSpec ips = new IvParameterSpec(iv);

  cipher.init(Cipher.ENCRYPT_MODE, key, ips);

  return cipher.doFinal(json);

  } catch (Exception e) {
  return null;


  private static String base64Encode(byte[] inputBytes) {

  BASE64Encoder encoder = new BASE64Encoder();

  return encoder.encode(inputBytes);


  private static String urlEncode(String input) throws UnsupportedEncodingException {

  return URLEncoder.encode(input, "UTF-8");



Do you have the SSO code in javascript for node?
Thanks Sergey! Very quick. Appreciate the help :)
This is really mission-critical for me. Can you help?
Sergey has been posted the SSO example for you. Do you need something else? Feel free to ask any questions here.
guid was removed from profile http://take.ms/4H9Mw few days ago, how can we get it back?
Hello Alexey,
We've returned it back. Sorry for inconvenience.
Мы настроили SSO, но я и админ Userecho, и пользователь нашего веб-приложения. Когда я пытаюсь залогиниться в Userecho с другого компьютера, то не могу залогиниться под своим логином/паролем (созданными при регситрации в Userecho). Так как требуются мои логин/пароль нашего веб-приложения. Как можно решить этот вопрос?
Если у пользователя который авторизуется через SSO (email адрес в профили совпадает с адресом пользователя администратора (1-й не SSO аккаунт)), то вы можете зайти в его профиль и обьединить аккаунты.

Если не получится напишите нам на support@userecho.com