
SSO

Single Sign On (SSO) Code Snippets

Using Java

Download the CloudCherry Java SDK to use this ready snippet.

    // Main account name and the SSO key configured in that account's settings.
    // Both values below are placeholders; in a real deployment read the SSO key
    // from a secret store or protected configuration, not from source code.
    String mainAccount = "your-main-username";
    String ssoSecret = "ssokey-set-from-mainuser";

    // Describe the sub-user that the SSO link will log in, create or modify.
    APIClient.SSOSubUser ssoUser = new APIClient.SSOSubUser();
    ssoUser.userid = "manager";
    ssoUser.role = "Manager"; // "Manager" or "ManagerReadOnly"
    ssoUser.email = "validateduser@yourcorp.com"; // use an address you have verified
    ssoUser.locations = new ArrayList< String >();
    // Optional location restriction for ManagerReadOnly:
    //ssoUser.locations.add("Downtown");
    ssoUser.timeStamp = new Date(); // set last so it is as fresh as possible

    // The SDK builds the complete sign-on URL from the sub-user and credentials.
    String loginUrl = APIClient.GenerateSSOUrl(ssoUser, mainAccount, ssoSecret);

    // NOTE(review): the URL carries the SSO token, so it acts as a login
    // credential. Printing is for demonstration; a production integration should
    // redirect the browser and keep the URL out of logs.
    System.out.println("Redirect/Open From Browser below URL to execute Single SignOn : ");
    System.out.println(loginUrl);


  

Using .NET > 4.5

using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using System.Web;

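namespace SingleSignOn
{
    /// <summary>
    /// Sample that builds a CloudCherry single-sign-on URL for a sub-user.
    /// The sub-user description is serialized to JSON, encrypted with AES-128-CBC
    /// under a key derived from the main account name and its SSO key, and
    /// appended to the login URL as the <c>ssotoken</c> parameter.
    /// </summary>
    /// <remarks>
    /// Security notes for integrators:
    /// <list type="bullet">
    /// <item>The token layout ("sso-" + 16-character IV + modified Base64 ciphertext)
    /// and the key derivation are reproduced as the sample defines them; changing
    /// them would presumably break interoperability with the service.</item>
    /// <item>This code encrypts with CBC and adds no MAC, so it provides
    /// confidentiality only. Any integrity or freshness check is up to the
    /// receiving side and is not visible here.</item>
    /// <item>The AES key is the first 16 Base64 characters of an HMAC, so it carries
    /// at most 96 bits of key material. Choose a long, random SSO key.</item>
    /// <item>The resulting URL acts as a login credential. Keep it out of logs,
    /// analytics and referrers, and hand it to the browser promptly.</item>
    /// </list>
    /// </remarks>
    public class CloudCherrySSO
    {
        // Characters an IV may contain; the IV travels as plain text inside the token.
        private const string IvAlphabet =
            "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";

        /// <summary>JSON payload describing the sub-user to sign in.</summary>
        class SSOSubUser
        {
            public DateTime TimeStamp { get; set; } // UTC TimeStamp
            public string Userid { get; set; } // Unique User
            public string Email { get; set; } // Valid & Verified Email
            public string Role { get; set; } // Manager, ManagerReadOnly
            public List<string> Locations { get; set; } // Optional
        }

        /// <summary>
        /// Builds a sign-on URL for the sample sub-user and writes it to the console.
        /// </summary>
        public void GenerateSSOToken()
        {
            // Placeholders. In a real deployment load the SSO key from a secret
            // store or protected configuration instead of embedding it in source.
            string account = "your-main-username";
            string ssokey = "ssokey-set-from-mainuser"; // key set in main account's settings

            string json = JsonConvert.SerializeObject(
                new SSOSubUser
                {
                    Userid = "manager", // SSO user to login/create/modify
                    Role = "Manager",
                    Email = "validateduser@yourcorp.com",
                    TimeStamp = DateTime.UtcNow
                });

            string token = GetSSOToken(json, account, ssokey);

            // Escape the account name so characters such as '&' or '#' cannot
            // alter the structure of the URL. The token is already URL-encoded.
            string signOnURL = "https://api.getcloudcherry.com/#/login?sso="
                + Uri.EscapeDataString(account) + "&ssotoken=" + token;

            // Demonstration only: the URL grants a session, so production code
            // should redirect the browser rather than print or log it.
            Console.WriteLine("Redirect/Open From Browser below URL to execute Single SignOn : ");
            Console.WriteLine(signOnURL);
        }

        /// <summary>
        /// Encrypts the sub-user JSON and returns the URL-encoded SSO token.
        /// </summary>
        /// <param name="roleuser">JSON description of the sub-user.</param>
        /// <param name="account">Main account name; used as the HMAC key.</param>
        /// <param name="ssokey">SSO key from the main account's settings.</param>
        /// <returns>URL-encoded token of the form "sso-" + IV + ciphertext.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="roleuser"/> is null.</exception>
        /// <exception cref="ArgumentException">Account or SSO key is null or empty.</exception>
        static string GetSSOToken(string roleuser, string account, string ssokey)
        {
            if (roleuser == null)
            {
                throw new ArgumentNullException("roleuser");
            }
            if (string.IsNullOrEmpty(account))
            {
                throw new ArgumentException("Account name is required.", "account");
            }
            if (string.IsNullOrEmpty(ssokey))
            {
                throw new ArgumentException("SSO key is required.", "ssokey");
            }

            // Fresh random IV for every token; CBC needs an unpredictable IV.
            string strIV = InitialVector(16);

            // Key = UTF-8 bytes of the first 16 Base64 characters of
            // HMAC-SHA256(key: account, message: ssokey). The HMAC object is
            // disposed so its key material does not linger longer than needed.
            byte[] key;
            using (HMACSHA256 signer = new HMACSHA256(Encoding.UTF8.GetBytes(account)))
            {
                string digest = Convert.ToBase64String(
                    signer.ComputeHash(Encoding.UTF8.GetBytes(ssokey)));
                key = Encoding.UTF8.GetBytes(digest.Substring(0, 16));
            }

            byte[] encrypted;
            using (Aes aesAlg = Aes.Create())
            {
                aesAlg.Mode = CipherMode.CBC;
                aesAlg.Padding = PaddingMode.PKCS7;
                aesAlg.Key = key;
                aesAlg.IV = Encoding.UTF8.GetBytes(strIV);

                using (ICryptoTransform encryptor = aesAlg.CreateEncryptor())
                {
                    byte[] plaintext = Encoding.UTF8.GetBytes(roleuser);
                    encrypted = encryptor.TransformFinalBlock(plaintext, 0, plaintext.Length);
                }
            }

            // '+' and '=' are swapped for '*' and '!' as the token format requires.
            string cryptedtoken = "sso-" + strIV
                + Convert.ToBase64String(encrypted).Replace("+", "*").Replace("=", "!");
            return HttpUtility.UrlEncode(cryptedtoken);
        }

        /// <summary>
        /// Returns <paramref name="maxSize"/> random characters from the
        /// alphanumeric alphabet, drawn from a cryptographic random source.
        /// </summary>
        /// <param name="maxSize">Number of characters to produce.</param>
        /// <returns>A random alphanumeric string of the requested length.</returns>
        /// <exception cref="ArgumentOutOfRangeException"><paramref name="maxSize"/> is negative.</exception>
        static string InitialVector(int maxSize)
        {
            if (maxSize < 0)
            {
                throw new ArgumentOutOfRangeException("maxSize");
            }

            // Reducing a raw byte modulo 62 favours some characters. Bytes at or
            // above the largest multiple of the alphabet size (248) are discarded
            // so that every character is equally likely.
            int limit = 256 - (256 % IvAlphabet.Length);

            StringBuilder result = new StringBuilder(maxSize);
            byte[] buffer = new byte[Math.Max(1, maxSize * 2)];
            using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            {
                while (result.Length < maxSize)
                {
                    rng.GetBytes(buffer);
                    for (int i = 0; i < buffer.Length && result.Length < maxSize; i++)
                    {
                        if (buffer[i] < limit)
                        {
                            result.Append(IvAlphabet[buffer[i] % IvAlphabet.Length]);
                        }
                    }
                }
            }
            return result.ToString();
        }

    }
}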



      

Using PHP 5+

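		// Builds a CloudCherry single-sign-on URL for a sub-user and prints it.
		//
		// Security notes for integrators:
		//  - The values below are placeholders; load the SSO key from a secret
		//    store or protected configuration, not from source code.
		//  - The token is AES-128-CBC ciphertext with no MAC added by this code, so
		//    it provides confidentiality only; integrity checks are not visible here.
		//  - The finished URL acts as a login credential: keep it out of logs.

		//Set details
		$account = "your-main-username";
		$ssokey = "ssokey-set-from-mainuser";

		$user = array ( "Userid" => "manager", "Role" => "Manager", "Email" => "validateduser@yourcorp.com",  "TimeStamp" => gmdate("Y-m-d\TH:i:s\Z") );

		$data = json_encode($user);

		//Generate Initial Vector
		// str_shuffle() is not a cryptographic random source and never repeats a
		// character, which makes the IV more predictable than CBC tolerates. Draw
		// the 16 characters from the OpenSSL CSPRNG instead, discarding bytes >= 248
		// (the largest multiple of 62) so every character is equally likely.
		$alphabet = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
		$iv = "";
		while (strlen($iv) < 16) {
			$strong = false;
			$bytes = openssl_random_pseudo_bytes(32, $strong);
			if ($bytes === false || !$strong) {
				throw new RuntimeException("No cryptographically strong random source available");
			}
			for ($i = 0; $i < strlen($bytes) && strlen($iv) < 16; $i++) {
				$b = ord($bytes[$i]);
				if ($b < 248) {
					$iv .= $alphabet[$b % 62];
				}
			}
		}

		//Generate HMAC Key
		// First 16 Base64 characters of HMAC-SHA256(message: ssokey, key: account).
		$key = substr(base64_encode(hash_hmac('sha256', $ssokey, $account, true)),0,16);

		//Encrypt
		// openssl_encrypt() with aes-128-cbc applies PKCS7 padding itself and yields
		// the same ciphertext as mcrypt's RIJNDAEL_128/CBC over manually padded data.
		// The mcrypt extension is deprecated and no longer bundled with PHP 7.2+.
		$raw = openssl_encrypt($data, 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $iv);
		if ($raw === false) {
			throw new RuntimeException("Encryption of the SSO payload failed");
		}
		$ciphertext = base64_encode($raw);
		// '+' and '=' are swapped for '*' and '!' as the token format requires.
		$encryptedtoken = str_replace("=","!",str_replace("+","*", $ciphertext));
		$token = urlencode("sso-" . $iv . $encryptedtoken);

		echo "Redirect/Open From Browser below URL to execute Single SignOn :\n";
		// Encode the account name so characters such as '&' or '#' cannot change
		// the structure of the URL. Printing is for demonstration only.
		$signOnURL = "https://api.getcloudcherry.com/#/login?sso=" . rawurlencode($account) . "&ssotoken=" . $token;
		echo $signOnURL. "\n";
		?>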