Foxy Forum Status

We're no longer responding to questions via our forum, but we will keep it up for historical reasons. If you can't find the answer you're looking for, please visit our knowledge base or contact us. If there's enough interest in the future, we may bring the forum back.

sso implementation help?

sivasiva Member
This is really urgent and very important for me. i am trying to implement sso for my site...that is users first logs into my i am providing a button to redirect to foxycart like Dim str = "" & auth_token & "&fc_customer_id=" & Session("ADMIN_ID") & "&timestamp=" & timeStamp & "&fcsid=" & fcsid & "&cart?name=cool example&sub_frequency=1m&price=10"
i have encoded the fc_auth_token using SHA1
and i have used
Dim customer_id = Session("ADMIN_ID")
Dim fcsid = Request.Form("fcsid")
Dim origDate As DateTime = DateTime.Now.AddMinutes(30)
Dim timeStamp As String = origDate.ToString("yyyyMMddhhmmss")
Dim pswd As String = (customer_id & "|" & timeStamp & "|" & foxycart_api_key)
Dim auth_token As String = FormsAuthentication.HashPasswordForStoringInConfigFile(pswd, "SHA1")

but when i click the above button it is redircting to foxycart cart page but it is showing "Your shopping cart is empty. Click here to return to the store." and no item is added to the cart i dont know where i am making the mistake....i have enabled "enable single sign on" in foxycart admin and provided the single sign on url

please help me really urgent

  • fc_adamfc_adam FoxyCart Team

    I think there may be some confusion as to where SSO comes into play. You don't need to add the SSO variables with add to cart links. Instead, when a customer proceeds to the checkout from the cart, FoxyCart will silently redirect the customer to the SSO endpoint you specify in your store's FoxyCart settings.

    At this endpoint, you will calculate the SSO hash and forward the customer back to the checkout with these parameters included. This is completely separate to any add to cart request - this happens when the customer proceeds to checkout.

    Also worth noting - FoxyCart will pass the session ID and the timestamp to your endpoint as request variables - so that's where you'll get those values from, rather than just grabbing the time from your server for that moment.

    More details on our wiki here:
  • sivasiva Member
    HI @fc_adam,

    You explained it very i have got complete understand of sso....i have implemented every thing as you said....but when user is redirected to cart it is showing Your order could not be found. Please start again. If you already clicked the order confirmation button, please check your email for a receipt.

    Your shopping cart is empty. Click here to return to the store.
    i have put the" & auth_token & "&fc_customer_id=" & Session("ADMIN_ID") & "&timestamp=" & timeStamp & "&fcsid=" & fcsid in a separate page and i didn't generate the timestamp value this time...
    i have used

    Dim timestamp=Request.Form("timestamp")
    Dim fcsid=Request.Form("Fcsid") as you explained in previous comment

    i have put this code in a separate page to use as sso endpoint

    i have set redirect url to sign in page of my website....when i click proceed to checkout button it s redirect to cart page but with no items added to it...this means that the fc_auth_token is valid...but i dont know why no item is added to cart...

    here i have another doubt when user first login to my site by providing email id and password ...the next time these values will be used in cart page...but how the user is authenticated....i need to know the process...

    i am using Dim user_is_authenticated = true in sso endpoint page.... if this is true then it will be successful....but how foxycart will authnticate the user who login my i need to set any values to foxycart to authenticate the user...

    your previous answer really helped me in getting the things right way....

    please help
    thanks in advance
  • fc_adamfc_adam FoxyCart Team

    Could you please whisper me the store this is for? I'd like to take a look. You can whisper a response by checking the "whisper" checkbox and entering my forum username in the text input that appears below.
  • sivasiva Member
    hello @fc_adam

    I will whisper you the store later.....i have successfully registered in foxycart using the code you provided in

    here i am successfully registered ......but when i redirected to checkout page again it is asking for password. i want to know where the user is authenticated sso end point you are asking for fc_auth_token which is the combination of three values (customer_id,timestamp and foxycartstore api key) this authentication token you are not accepting any password.

    please suggest me the clear work flow to authenticate the user

    it is really urgent and important

    i have referred the documentation in
  • fc_adamfc_adam FoxyCart Team

    If you look under "how it works" on that page, it details the flow that the customer goes through.

    The key thing to note with authenticating the user is that the customer needs to exist in FoxyCart's side. It is the ID of the customer record from FoxyCart's side that you provide as the customer_id value in the auth token.

    When that auth token can be verified on the FoxyCart side, the customer that matches that ID is then automatically logged in on the checkout. For what you've mentioned there, I think you may be providing the ID of the customer from your system, which is not what you need.
  • sivasiva Member
    edited May 2015
    sorry i forgot to send you login credentials
  • fc_adamfc_adam FoxyCart Team

    Looking at - I don't see SSO being enabled for your store. Have you disabled it as you were running into issues?

    I just quickly enabled it, ran a test and disabled it for the store - and the following error was triggered: "Invalid SSO hash. Redirecting back to store home page." - and you can see that from the "errors" section of the FoxyCart administration. I also see a large amount of these errors triggered previously.

    Within your code you pasted there - it looks like you just use the timestamp as it's sent - is that correct? If so, you need to add some additional time to that timestamp to show how long the checkout is valid for. So for example - our example PHP script for the SSO adds half an hour to the timestamp. If the timestamp has been passed, then the checkout will fail.

    Also as an aside, you can see an example code for the SSO auth token hashing on our wiki here:
  • sivasiva Member
    edited May 2015
    hi @fc_adam,

    Yes i have disabled sso for my store as it was not working.
    now i have fixed the is working fine now...thnak you very much for your time.

Sign In or Register to comment.