External Vendor Integration
The following sections describe the requirements and development tasks that the external application provider must complete to integrate fully with Portal.
Simplified Sequence Diagram
The following diagram presents the seamless login sequence. The external application provider must complete certain development tasks to support the seamless integration.
Development Tasks
- Develop the custom auto-login web page.
  - The page must be capable of receiving the AuthGuid and TargetURL query-string variables.
  - The page need not have any graphical UI components.
- Validate the origin of the auto-login request.
  - For security reasons, the auto-login page should also validate the source of the request to ensure that it originates from Portal.
  - The auto-login page must execute on a web server with a well-known IP address, since the integration web service will reject requests made from unknown addresses.
- Request user authorization data from the integration web service.
  - The auto-login page must hold a web reference to the integration web service (see Integration Web Service WSDL).
  - The RequestUserInfo method should be invoked.
  - The ExternalAuthorization object should be interrogated for a suitable AccessDenyType value of ‘SUCCESS’.
- Use the authorization data to validate the user.
  - Once the ExternalAuthorization is successfully returned from the integration web service, the authorization values should be used to authenticate the Portal user within the external vendor’s internal database.
  - If the authorization data does not form a match, the user should be redirected to a suitable ‘Access Denied!’ web page.
- Automatically log in the user.
  - If the authorization data does form a valid match within the external vendor’s database, the user should be automatically logged into the external site.
- Redirect the user to the secured TargetURL web page.
  - If authorized, the user should be redirected to the TargetURL page that was originally passed as a query-string variable to the auto-login page at the start of the process.
Integration Web Service
The integration web service supports a single method called ‘RequestUserInfo’, which returns a strongly typed business entity called ‘ExternalAuthorization’ (see Business Entity Schemas). A third-party vendor wishing to integrate seamlessly with Portal must consume this web service when responding to an auto-login request, passing the authorization GUID supplied in the initial Portal request.
The return object can then be used by the third party vendor to decide whether or not to grant the auto-login request.
CMCIntegrationServices
{
    [WebMethod]
    ExternalAuthorization RequestUserInfo( string authGuid );
}

<?xml version="1.0" encoding="utf-8" ?>
<ExternalAuthorization>
    <AccessDenyType>1</AccessDenyType>
    <UserID>1</UserID>
    <RoleType>(RoleType)</RoleType>
    <CampusVueID>(string)</CampusVueID>
    <CampusPortalID>(string)</CampusPortalID>
    <StaffCode>(string)</StaffCode>
    <StudentNumber>(string)</StudentNumber>
    <UserCode>(string)</UserCode>
    <FirstName>(string)</FirstName>
    <LastName>(string)</LastName>
    <HomePhone>(string)</HomePhone>
    <WorkPhone>(string)</WorkPhone>
    <CellPhone>(string)</CellPhone>
    <Email>(string)</Email>
    <PostalCode>(string)</PostalCode>
    <SSN>(string)</SSN>
    <CampusList>
        <Campus>
            <CampusID>1</CampusID>
            <Descrip>(string)</Descrip>
        </Campus>
    </CampusList>
    <XmlExtensions>(string)</XmlExtensions>
</ExternalAuthorization>
The returned XML business entity (ExternalAuthorization) contains the ‘AccessDenyType’ enumerated field. If for any reason the web service request fails or is denied, this field will provide an indication as to the cause of the failure. The following values are possible:
Integration Web Service Deny Codes
public enum AccessDenyType
{
    NULL = 0,
    SUCCESS = 1,          // Access Granted. Success
    INVALIDGUID = 2,      // Access Denied. Invalid AuthGuid
    EXPIREDGUID = 4,      // Access Denied. Expired AuthGuid
    UNTRUSTEDSOURCE = 8,  // Access Denied. Untrusted IPAddress
    USERNOTFOUND = 16     // Access Failure. User Not Found
}
Note: SOAP exceptions returned from an invocation request may indicate that the web server is either down or unavailable.
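The development tasks and deny codes above, as an added C# example of the auto-login decision; it is not code from Portal or from the vendor documentation. It assumes the AccessDenyType values from the Deny Codes listing, that AuthGuid is a standard GUID string, and that TargetURL is always a path on the vendor's own site; `AutoLogin`, `Decide`, `IsLocalPath`, `DeniedPage` and the two delegates are hypothetical names.

```csharp
using System;
using System.Linq;

// Values copied from the "Integration Web Service Deny Codes" listing on this page.
public enum AccessDenyType { NULL = 0, SUCCESS = 1, INVALIDGUID = 2, EXPIREDGUID = 4, UNTRUSTEDSOURCE = 8, USERNOTFOUND = 16 }

// Stand-in for the proxy type a web reference would generate (two fields only).
public class ExternalAuthorization { public AccessDenyType AccessDenyType; public string UserCode; }

public static class AutoLogin
{
    public const string DeniedPage = "/AccessDenied"; // hypothetical vendor page

    // Assumption: only site-local paths are valid targets, so TargetURL cannot redirect off-site.
    public static bool IsLocalPath(string url) =>
        !string.IsNullOrEmpty(url) && url[0] == '/' && !url.Any(char.IsControl) &&
        (url.Length == 1 || (url[1] != '/' && url[1] != '\\'));

    // Returns the URL to redirect to: targetUrl on success, DeniedPage in every other case.
    public static string Decide(string authGuid, string targetUrl,
        Func<string, ExternalAuthorization> requestUserInfo,  // wraps the RequestUserInfo call
        Func<ExternalAuthorization, bool> matchesVendorUser)  // vendor database lookup
    {
        if (!Guid.TryParse(authGuid, out _) || !IsLocalPath(targetUrl)) return DeniedPage;

        ExternalAuthorization auth;
        try { auth = requestUserInfo(authGuid); }
        catch (Exception) { return DeniedPage; } // SOAP exception: service down, fail closed

        // Anything other than an explicit SUCCESS (including NULL = 0) is treated as a denial.
        if (auth == null || auth.AccessDenyType != AccessDenyType.SUCCESS) return DeniedPage;
        return matchesVendorUser(auth) ? targetUrl : DeniedPage;
    }

    public static void Main()
    {
        // Constructed sample values, not real Portal data.
        string guid = "3f2504e0-4f89-11d3-9a0c-0305e82c3301";
        Func<string, ExternalAuthorization> ok = g => new ExternalAuthorization { AccessDenyType = AccessDenyType.SUCCESS, UserCode = "jdoe" };
        Func<string, ExternalAuthorization> expired = g => new ExternalAuthorization { AccessDenyType = AccessDenyType.EXPIREDGUID };
        Func<ExternalAuthorization, bool> known = a => a.UserCode == "jdoe";

        Console.WriteLine(Decide(guid, "/grades/view", ok, known));
        Console.WriteLine(Decide(guid, "/grades/view", expired, known));
        Console.WriteLine(Decide(guid, "//other.example/x", ok, known));
        Console.WriteLine(Decide("not-a-guid", "/grades/view", ok, known));
    }
}
```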
Enumerations
[Flags]
public enum RoleType
{
    NULL = 0,
    STUDENT = 1,
    STAFF = 2,
    EMPLOYER = 4,
    ADMIN = 8,
    NONADMIN = STUDENT | STAFF | EMPLOYER,
    ALL = ADMIN | NONADMIN
}

[Flags]
public enum AccessDenyType
{
    NULL = 0,
    INVALIDGUID = 1,
    EXPIREDGUID = 2,
    UNTRUSTEDSOURCE = 4,
    USERNOTFOUND = 8,
    ACCESSDENIED = INVALIDGUID | EXPIREDGUID | UNTRUSTEDSOURCE | USERNOTFOUND
}