Skip to main content
MindTouch Success Center

Create SSO authentication links in PHP

DEPRECATED! This authentication method is no longer a recommended or supported approach. MindTouch recommends using SAML Single Sign On, which provides enterprise-level authentication security.

Create authentication links in PHP via our Custom SSO workflow.

Although this sample uses PHP, authentication links can be easily generated in any modern programming language. After completing this how-to, you will have authentication links that allow users to log into your MindTouch site. Once a user clicks the link, they will be logged-into the site (and an account created for them, if necessary). Users are optionally redirected to a page of your choosing, or the site homepage by default.

How to create SSO authentication links in PHP

Part 1: Gather information

Begin by obtaining the following information:

Part 2: copy the code

Copy the following code sample into a file (authexample.php), and modify the values as required:

  • $apikey - the API key for your site
  • $username - the username to use when logging in
  • $redirect - the location to send the user after being authenticated (typically the root page of your site)
$apikey = 'YOUR-API-KEY';
$username = 'test-username';
$redirect = urlencode("");

// create the MD5 authhash
$timestamp = time();
$auth_hash = md5("{$username}:{$timestamp}:{$apikey}");

// create the token
$imp_auth_token = "imp_{$timestamp}_{$auth_hash}_={$username}";

// depending on your HTTP client, you may or may not need to URL encode the token
$imp_auth_token = urlencode($imp_auth_token);

echo "Auth token: \n";
echo "\n";

// Send the user to this URL to log them in and redirect to their final location
echo "Link for users:\n";
echo "" . $imp_auth_token . "&redirect=" . $redirect;
echo "\n";

Part 3: Execute the file

We can now execute the file to generate the link. This can be done easily from the command-line:

kazad@kazad-air $ php authexample.php 
Auth token: 
Link for users:

You can verify the authentication token and link are valid by copying the link into a new browser session. After visiting the link, the user is immediately logged in and redirected to the site. From their perspective, it was a single click to access the site.

Implementation notes

Impersonation tokens are only valid for a short time period, and shouldn't be printed in the page itself. Instead, generate the authentication link dynamically, after the user clicks a help link in your application. For example, a help link might be "<somearticle>", where the SSO page generates the token and redirects the user.

  • Was this article helpful?