HMAC- SHA1( Single Sign-On) is a session and user authentication service that permits a user to use one set of login credentials to access multiple applications. Hash-based message authentication code (HMAC) provides the server and the client each with a private key that is known only to that specific server and that specific client. The client creates a unique HMAC, or hash, per request to the server by hashing the request data with the private keys and sending it as part of a request. What makes HMAC more secure than Message Authentication Code (MAC) is that the key and the message are hashed in separate steps. In addition to that the url request can also contain hashed profile field data of any member such as age, gender etc. which would then be mapped to appropriate profile field of the community member.
we use HMAC-SHA1 for this and the authentication works by passing tokens to a pre-specified endpoint using which the community admin can grant access to their members to the community portal.
For setting up the authentication, please follow below steps:
In order to initiate the handshake, the admin will have to pass the following tokens to the endpoint:
The DES encryption and the HMAC-SHA1 hash will be generated using the preset key.
Once the system receives the tokens, it checks if the ID_STRING matches the Signature. If there's a match, the handshake is authenticated and the member will be logged in.
Example: https://www.questionpro.com/a/panelsso?ID_STRING=DES encryption String&SIGNATURE=HMAC-SHA1 string&id=panel ID
This feature is available with the following license :