Home → Problems →

Integrating automatic login

• Edit

Paul Alexander

11 Jun, 2009 08:19 PM

I've got the scripts set up to generate the tender_ cookies to integrate our signing process with our tender account (see attached screen shot). However when attempting to log in I see "Sorry, there was an error logging you in from XHEO's cookies.". I've checked that the HMAC code generates the correct hash using the test data and key "monkey" from the KB. What am I missing?

• 6-11-2009_1-15-43_PM.jpg 148 KB
• 6-11-2009_1-16-46_PM.jpg 10.2 KB

1. 1 Posted by rick on 12 Jun, 2009 05:09 AM

   

   Are you including the name with the hash? Without the name, you create the HMAC hash of the string: secret/domain.tenderapp.com/email/expires. But if the name is given, you need to include the name at the end of the hash: secret/domain.tenderapp.com/email/expires/name.

   I'm cracking my knuckles, preparing the write the most awesome SSO FAQ article ever, I'm so sick of these questions :)

   • Edit

2. 2 Posted by System on 12 Jun, 2009 05:10 AM

   

   A Lighthouse ticket was created for this discussion

   • Edit

3. 3 Posted by PhallGuy on 12 Jun, 2009 05:26 AM

   

   OK...I'll give that a try. But what is the 'secret' value? It's not in the KB docs either.

   • Edit

4. 4 Posted by rick on 12 Jun, 2009 05:28 AM

   

   It's the API key listed under your Site Settings.

   • Edit

5. 5 Posted by PhallGuy on 12 Jun, 2009 05:30 AM

   

   So you hash the API key? It was my understanding that it was used as the key to the HMAC algorithm.

   • Edit

6. 6 Posted by rick on 12 Jun, 2009 05:33 AM

   

   You hash all the values in one big string. We have a simpler method
   using an encrypted JSON hash actually. It's a little easier to
   explain, and the ruby lib is much easier to work with. It's part of
   what I'm going to be documenting tonight.

   • Edit

7. 7 Posted by rick on 12 Jun, 2009 06:37 AM

   

   Okay you were right, you hash the secret, and then the string with domain.tenderapp.com/email/expires/name.

   • Edit

8. 8 Posted by Ivon on 05 Oct, 2009 01:58 PM

   

   Hello!! Have a same problem :-(

   Can't atuo login

   In cookies all data set right. Can you help me?

   tender_email=ivon.webdev%40gmail.com; expires=Mon, 19-Oct-2009 13:58:09 GMT; path=/; domain=.ettend.
   com
   tender_expires=1255960689; expires=Mon, 19-Oct-2009 13:58:09 GMT; path=/; domain=.ettend.com
   tender_hash=70cb7f4f16ecdf23c1e865e688749793ad9079e2; expires=Mon, 19-Oct-2009 13:58:09 GMT; path=/;
   domain=.ettend.com

   • Edit

9. 9 Posted by Ivon on 05 Oct, 2009 01:59 PM

   

   Test with Monkey is Success

   • Edit

10. 10 Posted by Mira on 08 Oct, 2009 04:52 PM

    

    Hi there,

    Any updates on the issue ? I have a very similar issue trying to auto-login using HMAC even with the test secret and test data (Monkey) returning correct value.

    Thanks,
    Mira

    • Edit

11. Courtenay closed this discussion on 20 Nov, 2009 06:57 PM.