Clubessential Paycloud Payment Portal SSO
- Benjamin Hacker
Table of Contents
Â
Overview
This document describes the Clubessential Payment Portal SSO (single sign-on) process that automatically signs authorized members into the Clubessential Payment Portal. This is a technical document and should be read by application developers wanting to integrate the Clubessential Payment Portal with an existing website where member authorization has already occurred. At the end of this document you will find C# and Java examples.
Required Permissions
Â
Clubessential Paycloud Payment Portal SSO
Things you will need…
Prior to implementing the Clubessential Payment Portal SSO you will need to obtain the following information from Clubessential:
3DES Encryption Key – The encryption key, generated by Clubessential, used to encrypt membership information. The encryption key is a 48 character 3DES key.
Clubessential Payment Portal Url – The Clubessential Payment Portal URL endpoint where SSO encrypted data will be submitted via an HTTP GET request
How SSO Works
There are four steps to the Clubessential Payment Portal SSO process:
Generate a token
Encrypt the token
Append the encrypted token to the Clubessential Payment portal URL as a parameter
Navigate the member’s browser to the URL
Generating a Token
The first step in the SSO process is generating a token. An example unecrypted token might look like this:
9/3/2013 9:26:21 PM|100|john.smith@Clubessentialpayments.com|John|Smith|1234.56
A token consists of up to six data fields separated with pipe delimiters:
Current UTC Date/time (9/3/2013 9:26:21PM): This data field should contain the current date/time in UTC. Tokens are valid for two hours. If the UTC date/time is 9:26:21PM it will work with SSO until 11:26:21PM.
Member Number (100): This data field is used to uniquely identify a member in the Clubessential Payment Portal. If no member can be found in the payment portal system with a matching member number a new member will be created with this number.
NOTE: Hyphens and spaces are automatically removed from the member number. For example, member number ‘100 A’, ‘100-A’ and ‘100A’ will yield the same result.
Email Address (john.smith@Clubessentialpayments.com): This data field is the member’s email address. Email addresses must be a unique. If the email address does not match the email address in the payment portal system, the system value will be updated.
First Name (John): This data field is the member’s first name. Existing value is updated
Last Name (Smith): This data field is the member’s last name. Existing value is updated
Balance (1234.56): This data field is optional. If provided this value will become the default payment amount
Encrypting a Token
After you have generated a token the next step is encrypting the token using the 48 character 3DES key provided by Clubessential. Here is a sample 3DES key:
fa21b161b659afec7633e08ea5ef54aaddd8728f5d3f7b97
If you encrypt the token above with this 3DES key you get the encrypted token:
18E4719B4DC9C4E0581964C16B0077609B58717B465106A235AEC353467EC2A370AF97F3CFBB68B6E4005AF1178FE926418E49E55ECEFE794E28E8FC2DED4AFC077883B6D2517BD542F116408588B0B6
Appending encrypted token to the Clubessential Payment Portal URL
Now that you have an encrypted token you can append it to the Clubessential Payment Portal URL provided by Clubessential. For example, if the Clubessential URL is:
http://discover.Clubessentialpayments.com/accounts/sso/member
Appending the token parameter to the URL will look like this:
http://discover.Clubessentialpayments.com/accounts/sso/member?token=18E4719B4DC9C4E0581964C16B0077609B58717B465106A235AEC353467EC2A370AF97F3CFBB68B6E4005AF1178FE926418E49E55ECEFE794E28E8FC2DED4AFC077883B6D2517BD542F116408588B0B6
Navigate member to the URL
Now that you have a URL the final step is navigating to this URL:
C# Example
Java Example
Best Practices
FAQs
Â
Â