Single Sign-On Implementation in VB.NET for Zendesk

If you would like your users to be authenticated with Zendesk automatically, you can implement single sign-on in VB.NET (ASP.NET) using the JWT (JSON Web Token) authentication method.


Here are the steps of the single sign-on authentication process:

  1. An unauthenticated user (not already logged in) navigates to your Zendesk URL (for example, https://mycompany.zendesk.com/).
  2. The Zendesk SSO mechanism recognizes that SSO is enabled and that the user is not authenticated.
  3. The user is redirected to the remote login URL configured for the SSO settings (for example, https://mycompany.com/zendesk/sso).
  4. A script on your side authenticates the user using your proprietary login process.
  5. Your script builds a JWT request that contains the relevant user data.
  6. You redirect the customer to the Zendesk endpoint at https://mycompany.zendesk.com/access/jwt with the JWT payload.
  7. Zendesk parses the user detail from the JWT payload and then grants the user a session.

Zendesk documentation: https://support.zendesk.com/hc/en-us/articles/203663816-Setting-up-single-sign-on-with-JWT-JSON-Web-Token-

First, create an ASHX handler that will handle all sign-in requests. I have named mine SSO.ASHX. The link to direct your users to Zendesk should be: https://website/SSO.ashx.

Your SSO.ashx class:

<%@ WebHandler Language="VB" Class="SSO" %>

Imports System
Imports System.Collections.Generic
Imports System.Web

Public Class SSO : Implements IHttpHandler, System.Web.SessionState.IRequiresSessionState

    ' Shared secret from the Zendesk SSO settings. Load it from protected
    ' configuration in production instead of committing it to source control.
    Private Const SHARED_KEY As String = "your token"
    Private Const SUBDOMAIN As String = "your zendesk subdomain"

    Public Sub ProcessRequest(ByVal context As  _
            System.Web.HttpContext) Implements _
            System.Web.IHttpHandler.ProcessRequest
        ' Issue a token only for a user who is already signed in to your site.
        ' Replace the 401 with a redirect to your own login process if you prefer.
        If context.Session("ID") Is Nothing Then
            context.Response.StatusCode = 401
            Return
        End If

        ' iat: whole seconds since the Unix epoch
        Dim t As TimeSpan = (DateTime.UtcNow - New DateTime(1970, 1, 1))
        Dim timestamp As Long = CLng(Math.Floor(t.TotalSeconds))

        Dim payload As Dictionary(Of String, Object) = New Dictionary(Of String, Object)()

        ' Get the user name and email based on the session id
        Dim d As New DataLayer
        Dim strEmail As String = d.GetUserEmail(context.Session("ClientID"), context.Session("ID"))
        Dim strName As String = d.GetUserFullName(context.Session("ClientID"), context.Session("ID"))
        Dim strClientName As String = d.GetClientName(context.Session("ClientID"))
        payload.Add("iat", timestamp)
        ' jti: a fresh unique id for every token
        payload.Add("jti", System.Guid.NewGuid().ToString())
        payload.Add("name", strName)
        payload.Add("email", strEmail)
        payload.Add("external_id", context.Session("ID"))
        payload.Add("organization", strClientName)
        payload.Add("role", "user")

        ' Sign the payload with the shared key (HMAC-SHA256)
        Dim token As String = JWT.JsonWebToken.Encode(payload, SHARED_KEY, JWT.JwtHashAlgorithm.HS256)
        Dim redirectUrl As String = "https://" + SUBDOMAIN + ".zendesk.com/access/jwt?jwt=" + token

        ' Pass return_to through, URL-encoded, when it is present on the request
        Dim returnTo As String = context.Request.QueryString("return_to")

        If (returnTo IsNot Nothing) Then
            redirectUrl += "&return_to=" + HttpUtility.UrlEncode(returnTo)
        End If

        context.Response.Redirect(redirectUrl)
    End Sub

    Public ReadOnly Property IsReusable() As Boolean _
            Implements System.Web.IHttpHandler.IsReusable
        Get
            Return False
        End Get
    End Property
End Class
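
To make steps 5 to 7 concrete, the following added example (not part of the original post, and not Zendesk's or the JWT library's code) builds an HS256 token by hand and runs it through a receiver-side check of signature, iat freshness and jti reuse. The module name, the 180-second window, the in-memory jti set and the sample secret are assumptions made for illustration.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Security.Cryptography
Imports System.Text
Imports System.Web.Script.Serialization ' needs a reference to System.Web.Extensions
Module JwtHs256Demo ' hypothetical name
    Private ReadOnly Ser As New JavaScriptSerializer()
    Function B64Url(ByVal data As Byte()) As String
        Return Convert.ToBase64String(data).TrimEnd("="c).Replace("+"c, "-"c).Replace("/"c, "_"c)
    End Function
    Function Mac(ByVal signingInput As String, ByVal key As String) As Byte()
        Using h As New HMACSHA256(Encoding.UTF8.GetBytes(key))
            Return h.ComputeHash(Encoding.UTF8.GetBytes(signingInput))
        End Using
    End Function
    ' Layout: base64url(header) "." base64url(payload) "." base64url(HMAC-SHA256 over the first two parts)
    Function Encode(ByVal payload As Dictionary(Of String, Object), ByVal key As String) As String
        Dim head As String = B64Url(Encoding.UTF8.GetBytes("{""typ"":""JWT"",""alg"":""HS256""}"))
        Dim body As String = B64Url(Encoding.UTF8.GetBytes(Ser.Serialize(payload)))
        Return head & "." & body & "." & B64Url(Mac(head & "." & body, key))
    End Function
    ' Receiver model: the algorithm is fixed here and never taken from the token header.
    Function Validate(ByVal token As String, ByVal key As String, ByVal nowSec As Long, _
                      ByVal maxAgeSec As Long, ByVal seen As HashSet(Of String)) As String
        Dim p As String() = token.Split("."c)
        If p.Length <> 3 Then Return "malformed"
        Dim expected As String = B64Url(Mac(p(0) & "." & p(1), key))
        Dim diff As Integer = expected.Length Xor p(2).Length
        For i As Integer = 0 To Math.Min(expected.Length, p(2).Length) - 1
            diff = diff Or (AscW(expected(i)) Xor AscW(p(2)(i))) ' no early exit on mismatch
        Next
        If diff <> 0 Then Return "bad signature"
        Dim b64 As String = p(1).Replace("-"c, "+"c).Replace("_"c, "/"c) ' decoded only after the MAC checks out
        b64 = b64.PadRight(b64.Length + (4 - b64.Length Mod 4) Mod 4, "="c)
        Dim text As String = Encoding.UTF8.GetString(Convert.FromBase64String(b64))
        Dim claims As Dictionary(Of String, Object) = Ser.Deserialize(Of Dictionary(Of String, Object))(text)
        If Math.Abs(nowSec - Convert.ToInt64(claims("iat"))) > maxAgeSec Then Return "stale iat"
        If Not seen.Add(CStr(claims("jti"))) Then Return "replayed jti"
        Return "ok"
    End Function

    Sub Main() ' every value below is constructed for the demo
        Dim claims As New Dictionary(Of String, Object) From {{"iat", 1700000000L}, {"jti", Guid.NewGuid().ToString()}}
        Dim token As String = Encode(claims, "constructed-demo-secret")
        Dim seen As New HashSet(Of String)
        For Each t As String In New String() {token, token, token & "A"} ' fresh, presented again, altered
            Console.WriteLine(Validate(t, "constructed-demo-secret", 1700000030L, 180, seen))
        Next
    End Sub
End Module
```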