Single Signon

To make use of our single signon solution a couple of settings are required.

  • Please contact OnlineAfspraken.nl first to enable this feature. This has to be enabled per account or subdomain.
  • The use of consumer accounts is required. Only consumers with a user account can be logged in automatically using single signon (SSO).

A customer account can be created using the API setCustomer. Because SSO requires a user account, this customer has to be created with a username and password, even if these will not be used. It is possible to use fictitious usernames and passwords, as long as they are valid.

Important: the API loginCustomer is NOT used for SSO. This API is only used to validate a username/password and has no relevance to the SSO implementation.

After the customer account is created, via the API or any other means, it can be retrieved using the API getCustomer. If SSO is enabled for this account, and the consumer has a user account, the response will contain an extra variable, named "SingleSingon". This is a string formatted like "1234568|12345|abcdefgh". This is the SSO hash and is valid for 10 minutes after making this API call.

Then the default widget can be loaded with this hash as an extra parameter. This can be done through a direct link to the widget or through an embed code (see settings => embed widget). The extra parameter is appended to the widget URL as /signon/hash. Example:

https://widget.onlineafspraken.nl/consumer/booking/book/key/xxxxxxxxx-xxxxxx/.../exclude/mobiledetect/output/js/signon/1234568|12345|abcdefgh

After this the widget will be loaded with the consumer already logged in (assuming the hash is still valid). If the hash is not valid, or no longer valid, the widget will remain functional. However, the consumer will be presented with a login screen after selecting an appointment type, date and time.
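The steps above as an added example (not OnlineAfspraken.nl's own code): it takes an already parsed getCustomer response, uses the hash only while it is inside the 10-minute window, and falls back to the plain widget URL otherwise. The function names, the dict-shaped response, the 30-second safety margin and the sample values are assumptions made for illustration.

```python
import re
import time

SSO_FIELD = "SingleSingon"      # response variable name as spelled on this page
SSO_LIFETIME_SECONDS = 10 * 60  # hash is valid for 10 minutes after getCustomer
SAFETY_MARGIN_SECONDS = 30      # assumption: allowance for page load / clock skew

# Constructed sample values (placeholder key, sample hash format from this page).
SAMPLE_BASE = ("https://widget.onlineafspraken.nl/consumer/booking/book"
               "/key/xxxxxxxxx-xxxxxx/output/js")
SAMPLE_CUSTOMER = {SSO_FIELD: "1234568|12345|abcdefgh"}

# Characters that would alter the URL structure or break out of an embed snippet.
_UNSAFE = re.compile(r"[\s/?#&\"'<>\\]")


def sso_hash_if_usable(customer, fetched_at, now=None):
    """Return the SSO hash from a parsed getCustomer response, or None."""
    now = time.time() if now is None else now
    sso_hash = customer.get(SSO_FIELD)
    if not isinstance(sso_hash, str) or not sso_hash:
        return None  # SSO not enabled, or the consumer has no user account
    if _UNSAFE.search(sso_hash):
        return None  # never splice an unexpected value into the widget URL
    age = now - fetched_at
    if age < 0 or age > SSO_LIFETIME_SECONDS - SAFETY_MARGIN_SECONDS:
        return None  # expired or about to expire: let the widget ask for login
    return sso_hash


def widget_url(base_url, customer, fetched_at, now=None):
    """Append /signon/<hash> when a usable hash exists, else return base_url."""
    sso_hash = sso_hash_if_usable(customer, fetched_at, now)
    if sso_hash is None:
        return base_url
    return base_url.rstrip("/") + "/signon/" + sso_hash


def redact(url):
    """Mask the hash before a widget URL is written to logs or error reports."""
    return re.sub(r"(/signon/)[^/?#]+", r"\1[redacted]", url)


if __name__ == "__main__":
    fetched = time.time()  # record this at the moment getCustomer returns
    print(redact(widget_url(SAMPLE_BASE, SAMPLE_CUSTOMER, fetched)))
```

Because the hash logs the consumer in for as long as it is valid, call getCustomer server-side immediately before rendering the page rather than caching the value.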