SignOn

Sign On with Ophardt Login

To use the Ophardt Login for authentication on your website you must implement the following:

Getting SignOn Service activated

  • The SignOn Service must be activated from Ophardt Administration for your federation.
  • After activation you can find in your federation settings on Ophardt Online:
    • The Sign On Service Key (which is needed for validation of the results)
    • An option to set the URL to which the user is forwarded after completing the login process on Ophardt Online. On this URL you need to verify the login.

Initializing the login

To initialize the login, forward the user to:

/{locale}/signon/prepare/{your federation id}/{partnerID}/{partnerKey}

  • Locale is your language code (e.g. de for German, en for English) - only language codes supported on Ophardt Online
  • Your federation id is static - you can find it in your federation settings or request it from Ophardt Administration
  • The Partner ID can be set to any value (only letters and numbers) - it is returned after the user is sent back to your website and can be used to identify the person coming back to your website. It could be a local User ID or a unique number stored in your database or session of your webserver.
  • The Partner Key can be set to any value (only letters and numbers) - it is not returned but used for generating the returned login token. You need to store the Partner Key on your webserver (database or session). The same combination of Partner ID and Partner Key should not be used twice as otherwise an attacker would be able to reuse the login token.

Validating the login

After the user has completed the login on Ophardt Online, he/she is forwarded to the URL set in your federation settings (e.g. yourdomain.de/login/check.php).

The following information is included:

  • user_id: The ID of the User on Ophardt Online
  • partnerID: The ID sent by you to /{locale}/signon/prepare/
  • key: The login token you need to validate
  • athlete (optional): The Ophardt athlete ID if logged in as athlete
  • referee (optional): The Ophardt referee ID if logged in as referee
  • official (optional): The Ophardt official ID if logged in as official

Please generate a string the following way:

Append:

  • user_id (from redirect URL)
  • secret key (from Ophardt Online settings)
  • partnerKey (stored on your server)
  • secret key (from Ophardt Online settings)
  • partner ID (from redirect URL)
  • A + AthleteID (if athlete)
  • O + OfficialID (if official)
  • R + RefereeID (if referee)

Compute the MD5 hash of this string.

Compare this hash to the login token (key).

If both match then the login was successful.


EXAMPLE

Your secret key from the Ophardt Online settings page is "1234567890". You redirected the user to: /de/signon/prepare/1/105/937145

You then receive, for example, the following result: yourdomain.de/login/check?user_id=35&partnerID=105&athlete=300574&key=4fafd40632ddc0fef49eafd31f27b182

Then you make the following string: 3512345678909371451234567890105A300574

The MD5 Hash of this string would be: 4fafd40632ddc0fef49eafd31f27b182

As it is identical to the value in "key", the user with user_id 35 and athleteID 300574 has been logged in successfully.
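
The validation steps above as an added Python example (not Ophardt's own code). The function names and the in-memory `_pending` store are hypothetical, the secret key is the value from the EXAMPLE section, and the constant-time comparison and single-use handling of each Partner ID / Partner Key pair are added here to follow the reuse warning above.

```python
import hashlib
import hmac
import secrets

# Constructed sample value: the secret key used in the page's EXAMPLE section.
SERVICE_KEY = "1234567890"

# Hypothetical in-memory store (partnerID -> partnerKey) for pending logins.
# A real site would keep this in its session or database.
_pending = {}


def start_login(partner_id=None, partner_key=None):
    """Create and remember a fresh partnerID/partnerKey pair for one login."""
    partner_id = partner_id or secrets.token_hex(8)     # letters and numbers only
    partner_key = partner_key or secrets.token_hex(16)  # never sent back by the service
    _pending[partner_id] = partner_key
    return partner_id, partner_key


def token_input(params, partner_key, service_key=SERVICE_KEY):
    """Concatenate the fields in the order the page lists them."""
    s = params["user_id"] + service_key + partner_key + service_key + params["partnerID"]
    for prefix, field in (("A", "athlete"), ("O", "official"), ("R", "referee")):
        if params.get(field):
            s += prefix + params[field]
    return s


def verify_login(params, service_key=SERVICE_KEY):
    """Return True only if 'key' matches; each pending pair is accepted once."""
    # pop() discards the pair, so a captured redirect URL cannot be replayed.
    partner_key = _pending.pop(params.get("partnerID", ""), None)
    if partner_key is None or "user_id" not in params or "key" not in params:
        return False
    digest = hashlib.md5(token_input(params, partner_key, service_key).encode())
    expected = digest.hexdigest()
    # Constant-time comparison of the computed hash and the received token.
    return hmac.compare_digest(expected.encode(), params["key"].lower().encode())
```

Here `params` is the dictionary of query parameters parsed from the redirect URL; a failed check also consumes the pending pair, so the user has to start a new login.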