Clubessential Paycloud Payment Portal SSO

Owned by Benjamin Hacker
Last updated: Sept 08, 2023
3 min read

Table of Contents

Overview

This document describes the Clubessential Payment Portal SSO (single sign-on) process that automatically signs authorized members into the Clubessential Payment Portal. This is a technical document and should be read by application developers wanting to integrate the Clubessential Payment Portal with an existing website where member authorization has already occurred. At the end of this document you will find C# and Java examples.

Required Permissions

 

Clubessential Paycloud Payment Portal SSO

Things you will need…

Prior to implementing the Clubessential Payment Portal SSO you will need to obtain the following information from Clubessential:

  1. 3DES Encryption Key – The encryption key, generated by Clubessential, used to encrypt membership information. The encryption key is a 48 character 3DES key.

  2. Clubessential Payment Portal Url – The Clubessential Payment Portal URL endpoint where SSO encrypted data will be submitted via an HTTP GET request

How SSO Works

There are four steps to the Clubessential Payment Portal SSO process:

  1. Generate a token

  2. Encrypt the token

  3. Append the encrypted token to the Clubessential Payment portal URL as a parameter

  4. Navigate the member’s browser to the URL

Generating a Token

The first step in the SSO process is generating a token. An example unecrypted token might look like this:

9/3/2013 9:26:21 PM|100|john.smith@Clubessentialpayments.com|John|Smith|1234.56

A token consists of up to six data fields separated with pipe delimiters:

  1. Current UTC Date/time (9/3/2013 9:26:21PM): This data field should contain the current date/time in UTC. Tokens are valid for two hours. If the UTC date/time is 9:26:21PM it will work with SSO until 11:26:21PM.

  2. Member Number (100): This data field is used to uniquely identify a member in the Clubessential Payment Portal. If no member can be found in the payment portal system with a matching member number a new member will be created with this number.

NOTE: Hyphens and spaces are automatically removed from the member number. For example, member number ‘100 A’, ‘100-A’ and ‘100A’ will yield the same result.

  1. Email Address (john.smith@Clubessentialpayments.com): This data field is the member’s email address. Email addresses must be a unique. If the email address does not match the email address in the payment portal system, the system value will be updated.

  2. First Name (John): This data field is the member’s first name. Existing value is updated

  3. Last Name (Smith): This data field is the member’s last name. Existing value is updated

  4. Balance (1234.56): This data field is optional. If provided this value will become the default payment amount

Encrypting a Token

After you have generated a token the next step is encrypting the token using the 48 character 3DES key provided by Clubessential. Here is a sample 3DES key:

fa21b161b659afec7633e08ea5ef54aaddd8728f5d3f7b97

If you encrypt the token above with this 3DES key you get the encrypted token:

18E4719B4DC9C4E0581964C16B0077609B58717B465106A235AEC353467EC2A370AF97F3CFBB68B6E4005AF1178FE926418E49E55ECEFE794E28E8FC2DED4AFC077883B6D2517BD542F116408588B0B6

Appending encrypted token to the Clubessential Payment Portal URL

Now that you have an encrypted token you can append it to the Clubessential Payment Portal URL provided by Clubessential. For example, if the Clubessential URL is:

http://discover.Clubessentialpayments.com/accounts/sso/member

Appending the token parameter to the URL will look like this:

http://discover.Clubessentialpayments.com/accounts/sso/member?token=18E4719B4DC9C4E0581964C16B0077609B58717B465106A235AEC353467EC2A370AF97F3CFBB68B6E4005AF1178FE926418E49E55ECEFE794E28E8FC2DED4AFC077883B6D2517BD542F116408588B0B6

Navigate member to the URL

Now that you have a URL the final step is navigating to this URL:

C# Example

Java Example

Best Practices

FAQs