Toggle menu
  1. Community Area
  2. Release Notes
  3. Video Guides
  4. gossinteractive.com
  5. MyGOSS

authenticateViaLDAPSSO

Given a username, iterates through all configured LDAP providers attempting to find a matching user.

The return format is identical to the getAuthStatus method's response. If authentication is successful this method returns authenticated: true in the response along with details of the iCM Site User that was created/updated as part of the authentication process.

If while rendering a page the site has LDAP credentials made available to it - either via IIS or some other means - and LDAP authentication has been enabled the site should call this method first to attempt to log the user in seamlessly via LDAP. If logging in via LDAP is unsuccessful the site should take appropriate measures, perhaps displaying the default login form instead.

If the 'siteuser' iCM maintenance area is offline this method will return an error stating that site logins are currently disabled.

Parameters

NameTypeDescription
usernameString (UUID), requiredThe LDAP username of the user to authenticate. May contain the domain, eg MYDOMAIN\mavis.
siteUserGroupIdsArray<Long>, requiredAdditional site groups that the iCM Site User created by the authentication process should be added to.

Typically this would include the id of the designated subsite specific iCM site user group.

Response Fields

NameTypeDescription
authenticatedbooleanWhether authentication was successful or not.
providerNameStringName of the provider the user successfully logged in with.
actionErrorMapNot null if an error occurred (i.e. an exception was thrown that could not be recovered from)

{   
    "errorMessage": "",
        "errorDetails": {
        // Arbitrary details, eg
        // exceptionMessage,
        // exceptionStackTrace
    }
}   
actionFailureMapNot null if an authentication failure occurred (ie wrong username/password)

{   
    "failureMessage": "",
    "failureDetails": {
        // Arbitrary details
    }
}
arbitraryReturnDataMapArbitrary information that can be returned from any AuthAction, e.g. token values.   May be of use in the future.
userConsentedToDataStorageBooleanWhether the user consented to having their data from a third party stored or not.
siteUserMapContains details about the site user - essentially the return format of CSUserProfile_get. Includes the UserID, ObjectData, etc.  

Also includes 'SiteUserGroups', an array of groups of the user is a member of including the GroupID, GroupName, and Description.

Example Request

{
    "id": "1",
    "jsonrpc": "2.0",
    "method": "authenticateViaLDAPSSO",
    "params": {
        "username": "johnt",
        "siteGroupIds": [1]
    }
}

Example Response

{
    "id": "635998609805441605",
    "jsonrpc": "2.0",
    "result": {
        "result": {
            "authenticated": true,
            "providerName": "devdc1",
            "actionError": null,
            "actionFailure": null,
            "arbitraryReturnData": {},
            "userConsentedToDataStorage": true,
            "siteUser": {
                "UserID": 31,
                "UserName": "DC1_JOHNT",
                "CreatedBy": "AuthWorker_devdc1",
                "LastUpdatedBy": "AuthWorker_devdc1",
                "DateCreated": "2016-06-01T15:45:21Z",
                "DateLastUpdated": "2016-06-02T09:33:34Z",
                "Type": "USERPROFILE",
                "UserProfileType": "USERPROFILE",
                "ObjectID": 123,
                "ObjectData": {
                    "TITLE": "Mr",
                    "FORENAME": "Joshua",
                    "SURNAME": "Smith"
                },
                "SiteUserGroups": [{
                    "GroupID": 20,
                    "GroupName": "DEVDC1",
                    "Description": "devdc1"
                }]
            }
        }
    }
}

Last modified on June 27, 2023

Share this page

Facebook icon Twitter icon email icon

Print

print icon