Webex Experience Management is now part of Cisco.
Learn More About Cisco

SSO

Single Sign On (SSO) Code Snippets

Using Java

Download the [Webex Experience Management Java SDK](https://assets.getcloudcherry.com/assets/Webex Experience ManagementJavaAPIClient.jar) to use this ready snippet.

    String account = "your-main-username";
    String ssokey = "ssokey-set-from-mainuser"; // key set in main account's settings

    APIClient.SSOSubUser subuser = new APIClient.SSOSubUser();
    subuser.userid = "manager"; // SSO user to login/create/modify
    subuser.role = "Manager"; // Manager or ManagerReadOnly
    subuser.email = "validateduser@yourcorp.com";
    subuser.locations = new ArrayList< String >();
    //subuser.locations.add("Downtown"); // Optional Location Restriction for  ManagerReadOnly
    subuser.timeStamp = new Date();

    String signOnURL = APIClient.GenerateSSOUrl(subuser, account, ssokey);
    System.out.println("Redirect/Open From Browser below URL to execute Single SignOn : ");
    System.out.println(signOnURL);


  

Using .NET > 4.5

using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using System.Web;

namespace SingleSignOn
{
    public class Webex Experience ManagementSSO
    {
        class SSOSubUser
        {
            public DateTime TimeStamp { get; set; } // UTC TimeStamp
            public string Userid { get; set; } // Unique User
            public string Email { get; set; } // Valid & Verified Email
            public string Role { get; set; } // Manager, MangerReadOnly
            public List< string > Locations { get; set; } // Optional
        }

        public void GenerateSSOToken()
        {
            string account = "your-main-username";
            string ssokey = "ssokey-set-from-mainuser"; // key set in main account's settings
            string json = JsonConvert.SerializeObject(
                new SSOSubUser
                {
                    Userid = "manager", // SSO user to login/create/modify
                    Role = "Manager",
                    Email = "validateduser@yourcorp.com",
                    TimeStamp = DateTime.UtcNow
                });

            string token = GetSSOToken(json, account, ssokey);

            string signOnURL = "https://api.getcloudcherry.com/#/login?sso=" + account + "&ssotoken=" + token;

            Console.WriteLine("Redirect/Open From Browser below URL to execute Single SignOn : ");
            Console.WriteLine(signOnURL);
        }

        static string GetSSOToken(string roleuser, string account, string ssokey)
        {
            //Generate Initial Vector
            string strIV = InitialVector(16);
            //Generate Hashed Key
            HMACSHA256 signer = new HMACSHA256(Encoding.UTF8.GetBytes(account));
            byte[] Key = Encoding.UTF8.GetBytes(Convert.ToBase64String(signer.ComputeHash(Encoding.UTF8.GetBytes(ssokey))).Take(16).ToArray());

            byte[] encrypted = null;
            using (MemoryStream msEncrypt = new MemoryStream())
            using (AesCryptoServiceProvider aesAlg = new AesCryptoServiceProvider())
            {
                aesAlg.Mode = CipherMode.CBC;
                aesAlg.Padding = PaddingMode.PKCS7;
                aesAlg.Key = Key;
                aesAlg.IV = Encoding.UTF8.GetBytes(strIV);

                ICryptoTransform encryptor = aesAlg.CreateEncryptor();
                using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
                {
                    byte[] plaintext = Encoding.UTF8.GetBytes(roleuser);
                    csEncrypt.Write(plaintext, 0, plaintext.Length);
                    csEncrypt.FlushFinalBlock();
                }
                encrypted = msEncrypt.ToArray();
            }

            string cryptedtoken = "sso-" + strIV + Convert.ToBase64String(encrypted).Replace("+", "*").Replace("=", "!");
            return HttpUtility.UrlEncode(cryptedtoken);
        }
        static string InitialVector(int maxSize)
        {
            char[] chars = new char[62];
            chars =
            "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890".ToCharArray();
            byte[] data = new byte[1];
            using (RNGCryptoServiceProvider crypto = new RNGCryptoServiceProvider())
            {
                crypto.GetNonZeroBytes(data);
                data = new byte[maxSize];
                crypto.GetNonZeroBytes(data);
            }
            StringBuilder result = new StringBuilder(maxSize);
            foreach (byte b in data)
            {
                result.Append(chars[b % (chars.Length)]);
            }
            return result.ToString();
        }

    }
}



      

Using PHP 5+

		//Set details
		$account = "your-main-username";
		$ssokey = "ssokey-set-from-mainuser";

		$user = array ( "Userid" => "manager", "Role" => "Manager", "Email" => "validateduser@yourcorp.com",  "TimeStamp" => gmdate("Y-m-d\TH:i:s\Z") );

		$data = json_encode($user);

		//Generate Initial Vector
		$iv = substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, 16);

		//Generate HMAC Key
		$key = substr(base64_encode(hash_hmac('sha256', $ssokey, $account, true)),0,16);

		//PKCS7 Padding
		$pad = 16 - (strlen($data) % 16);
		$paddata = $data . str_repeat(chr($pad), $pad);

		//Encrypt
		$ciphertext = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $paddata, MCRYPT_MODE_CBC, $iv));
		$encryptedtoken = str_replace("=","!",str_replace("+","*", $ciphertext));
		$token = urlencode("sso-" . $iv . $encryptedtoken);

		echo "Redirect/Open From Browser below URL to execute Single SignOn :\n";
		$signOnURL = "https://api.getcloudcherry.com/#/login?sso=" . $account . "&ssotoken=" . $token;
		echo $signOnURL. "\n";
		?>