Zendesk Single Sign-On

clearFusionCMS can be used to authenticate users for Zendesk. The following describes how to enable it in just 4 steps.

Step 1 Enable Single Sign-On at Zendesk

Log in to your Zendesk account to enable single sign-on and get the shared secret you'll need in a later step.

  • Click the Admin cog at the bottom left of the screen
  • Click Security, then select Single Sign-On
  • Click edit next to JSON Web Token
  • Click Enable and put the address where the login page will be located on your site into the Remote login URL field.
  • Copy the Shared secret; you'll need it later on

Step 2 Add the Code

Log in to the clearFusionCMS installation that will be authenticating Zendesk users, go to Elements and create a new snippet. Name the snippet zendeskLogin and use the following code:

PHP Code:

        /**
         * THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
         * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
         * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
         *
         * package clearFusionCMS
         * copyright Copyright (c) 2013 clearFusionCMS. All rights reserved.
         * link http://clearfusioncms.com
         */
        
        // Check that the shared key and subdomain have been passed
        if(!isset($key) || !isset($subdomain))
            return;
        
        // Only run if user authenticated
        $user = clearFusionCMS::getUser();
        if($user->isAuthenticated()) {
            // Create JWT
            $now = time();
            $token = array(
                'jti'   => md5($now . rand()),
                'iat'   => $now,
                'external_id' => $user->getId(),
                'name'  => $user->getUsername(),
                'email' => $user->getEmail()
            );
            
            // Encode and sign
            $segments = array();
            $segments[] = str_replace('=', '', strtr(base64_encode(json_encode(array('typ' => 'JWT', 'alg' => 'HS256'))), '+/', '-_'));
            $segments[] = str_replace('=', '', strtr(base64_encode(json_encode($token)), '+/', '-_'));
            $segments[] = str_replace('=', '', strtr(base64_encode(hash_hmac('sha256', implode('.', $segments), $key, true)), '+/', '-_'));
            
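            // Redirect. The stored return_to came from the query string, so it is only
            // used when it points at this Zendesk host; otherwise the signed token
            // would be sent to whatever host the link named.
            $host = $subdomain . '.zendesk.com';
            $target = 'https://' . $host . '/access/jwt';
            $parts = parse_url(clearFusionCMS::getSession()->flashGet('zendesk_returnto', $target));
            if(is_array($parts) && isset($parts['scheme'], $parts['host'], $parts['path']) && $parts['scheme'] === 'https' && strcasecmp($parts['host'], $host) === 0)
                $target = 'https://' . $host . $parts['path'];
            clearFusionCMS::getResponse()->redirectTo($target . '?jwt=' . implode('.', $segments));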
        }
        else {
            if(clearFusionCMS::getRequest()->hasQuery('return_to'))
                clearFusionCMS::getSession()->flashSet('zendesk_returnto', clearFusionCMS::getRequest()->getQuery('return_to'));
            else
                clearFusionCMS::getSession()->flashKeep('zendesk_returnto');
        }

Save the snippet.

Step 3 Create a Login Page

Head back to the dashboard and select Documents. Create a new document to serve as the help desk login page, making sure that it's in the location that you specified in the Remote login URL field, and add the following to the content:

        [[!members.login &loginByUsername=`1` &loginByEmail=`1`]]
        [[!zendeskLogin &key=`xxxxxxxxxxxxxxxxxxx` &subdomain=`example`]]

Change xxxxxxxxxxxxxxxxxxx to the shared secret you recorded when enabling single sign-on, and change example to your Zendesk subdomain, e.g. if your help desk is at example.zendesk.com then your subdomain will be example. The subdomain is only required as a fallback if something unexpected happens.

Publish the page.

Step 4 Testing

Make sure that you're logged out of clearFusionCMS and Zendesk, then head to your Zendesk subdomain and click login. If everything is working correctly you'll be presented with the login page on your website; log in and you should be redirected back to Zendesk.
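
If the round trip fails, it helps to check the token on its own. The following is an added example, not part of the original tutorial or of clearFusionCMS: it verifies a token in the format the zendeskLogin snippet emits by pinning the algorithm to HS256, recomputing the HMAC with the shared secret, comparing in constant time and checking the claims. The helper names, the sample secret and the 180-second iat window are assumptions, and it needs PHP 7 or later.

```php
<?php
// Added example: checks a token in the format the zendeskLogin snippet emits.
// b64urlDecode() and zendeskJwtCheck() are hypothetical helper names.
function b64urlDecode($s) {
    $pad = str_repeat('=', (4 - strlen($s) % 4) % 4);
    return base64_decode(strtr($s, '-_', '+/') . $pad, true);
}

function zendeskJwtCheck($jwt, $key, $maxAge = 180) { // $maxAge: assumed iat window in seconds
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return 'malformed: expected 3 segments';
    list($h, $p, $s) = $parts;

    // Pin the algorithm instead of letting the token header choose it
    $header = json_decode((string) b64urlDecode($h), true);
    if (!is_array($header) || !isset($header['alg']) || $header['alg'] !== 'HS256')
        return 'rejected: alg must be HS256';

    // Recompute the HMAC over "header.payload" and compare in constant time
    $given = b64urlDecode($s);
    if ($given === false || !hash_equals(hash_hmac('sha256', "$h.$p", $key, true), $given))
        return 'rejected: bad signature';

    // Check claims the snippet sets (external_id is left optional here); iat must be recent
    $claims = json_decode((string) b64urlDecode($p), true);
    if (!is_array($claims)) return 'rejected: payload is not a JSON object';
    foreach (array('jti', 'iat', 'name', 'email') as $c)
        if (empty($claims[$c])) return "rejected: missing $c";
    if (abs(time() - (int) $claims['iat']) > $maxAge)
        return 'rejected: iat outside the allowed window';
    return 'ok';
}

// Constructed sample token, encoded the same way as the snippet
$key = 'constructed-test-secret';
$enc = function ($d) { return rtrim(strtr(base64_encode($d), '+/', '-_'), '='); };
$body = $enc(json_encode(array('typ' => 'JWT', 'alg' => 'HS256'))) . '.'
      . $enc(json_encode(array('jti' => bin2hex(random_bytes(16)), 'iat' => time(),
                               'name' => 'Test User', 'email' => 'test@example.com')));
$jwt = $body . '.' . $enc(hash_hmac('sha256', $body, $key, true));

echo zendeskJwtCheck($jwt, $key), "\n";            // correctly signed token
echo zendeskJwtCheck($jwt, 'wrong-secret'), "\n";  // verified with the wrong secret
echo zendeskJwtCheck($body . '.', $key), "\n";     // signature segment stripped
```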

That's it, all done.