The Base String for SuiteSignOn
The first step in creating a signature is construction of the Base String.
Constructing a Base String is not necessary if you are using PLAINTEXT as the signature method. However, rather than PLAINTEXT, you should use HMAC-SHA256, as it is the most secure signature option, or you can use HMAC-SHA1.
The values used in the following code samples are defined in the section Troubleshooting the SuiteSignOn Signature.
Create the Base String Manually
In the following example, the Base String consists of three parts. Each step contains a screenshot of a piece of the code to show the line numbers. To view the entire code example (without line numbers) see the following section: The restletBaseString Function.
POST parameters are used only with content type application/x-www-form-urlencoded.
- HTTP method - line 3
  Note: The HTTP method must be in uppercase.
- URL - lines 6-16
  - URL is taken without parameters. (lines 6-12)
  - Schema (http, https) and hostname must be in lowercase. (lines 13-15)
- Parameters - lines 19-51
  - Place all OAuth, GET, and POST parameters into the array of arrays. (lines 19-37)
  - Parameter names and values are urldecoded before entering into array (lines 30-34)
  - The array is in alphabetical order, sorted by parameter name. (line 40)
  - The string containing all parameters is created. Each name and value is separated by the equal character (=) and each pair is separated by the ampersand character (&). Both name and value are rawurlencoded. (lines 42-50)
  - The whole string containing parameters is rawurlencoded before joining with rest of the Base String (line 51)
The restletBaseString Function
function restletBaseString($httpMethod, $url, $consumerKey, $tokenKey, $nonce, $timestamp, $version, $signatureMethod, $postParams){
    // HTTP method must be upper case
    $baseString = strtoupper($httpMethod) .'&';

    // include URL without parameters; schema and hostname must be lower case
    if (strpos($url, '?') !== false){
        $baseUrl = substr($url, 0, strpos($url, '?'));
        $getParams = substr($url, strpos($url, '?') + 1);
    } else {
        $baseUrl = $url;
        $getParams = "";
    }
    // the first '/' found from offset 10 onward is taken as the end of schema and hostname
    $hostname = strtolower(substr($baseUrl, 0, strpos($baseUrl, '/', 10)));
    $path = substr($baseUrl, strpos($baseUrl, '/', 10));
    $baseUrl = $hostname . $path;
    $baseString .= rawurlencode($baseUrl) .'&';

    // all OAuth and GET params: first they are decoded, next sorted in alphabetical order,
    // next each key and value is encoded, and finally the whole parameter string is encoded
    $params = array();
    $params['oauth_consumer_key'] = array($consumerKey);
    $params['oauth_token'] = array($tokenKey);
    $params['oauth_nonce'] = array($nonce);
    $params['oauth_timestamp'] = array($timestamp);
    $params['oauth_signature_method'] = array($signatureMethod);
    $params['oauth_version'] = array($version);
    foreach (explode('&', $getParams ."&". $postParams) as $param) {
        $parsed = explode('=', $param);
        if ($parsed[0] != "") {
            $value = isset($parsed[1]) ? urldecode($parsed[1]): "";
            if (isset($params[urldecode($parsed[0])])) {
                array_push($params[urldecode($parsed[0])], $value);
            } else {
                $params[urldecode($parsed[0])] = array($value);
            }
        }
    }

    // all parameters must be sorted in alphabetical order
    ksort($params);
    $paramString = "";
    foreach ($params as $key => $valueArray){
        // all values must be sorted in alphabetical order
        sort($valueArray);
        foreach ($valueArray as $value){
            $paramString .= rawurlencode($key) . '='. rawurlencode($value) .'&';
        }
    }
    // drop the trailing '&'
    $paramString = substr($paramString, 0, -1);
    $baseString .= rawurlencode($paramString);
    return $baseString;
}
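For cross-checking a Base String produced in another language, the following added example (not NetSuite's code) follows the same three steps in Python and runs them on a constructed request with a mixed-case hostname, a repeated GET parameter and an encoded POST value. The names base_string and enc, the host rest.example.com and all key, token and nonce values are placeholders chosen for illustration.

```python
from urllib.parse import quote, unquote_plus, urlsplit


def enc(text):
    """RFC 3986 percent-encoding (what PHP's rawurlencode does)."""
    return quote(text, safe="")


def base_string(method, url, oauth_params, post_body=""):
    """Build METHOD&URL&PARAMS from the three parts described above."""
    parts = urlsplit(url)
    # URL without parameters; schema and hostname in lowercase, path untouched.
    base_url = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"

    # OAuth, GET and POST parameters all go into one list of (name, value).
    pairs = list(oauth_params.items())
    for chunk in f"{parts.query}&{post_body}".split("&"):
        name, _, value = chunk.partition("=")
        if name:
            # Names and values are URL-decoded before they are collected.
            pairs.append((unquote_plus(name), unquote_plus(value)))

    # Sort by name, then by value for repeated names, and encode each side.
    param_string = "&".join(f"{enc(k)}={enc(v)}" for k, v in sorted(pairs))
    # The joined parameter string is encoded a second time as a whole.
    return "&".join([method.upper(), enc(base_url), enc(param_string)])


# Constructed sample request (placeholder host, keys and nonce).
SAMPLE_OAUTH = {
    "oauth_consumer_key": "ck_example",
    "oauth_token": "tk_example",
    "oauth_nonce": "n0nce",
    "oauth_timestamp": "1700000000",
    "oauth_signature_method": "HMAC-SHA256",
    "oauth_version": "1.0",
}
SAMPLE_URL = "HTTPS://Rest.Example.COM/app/restlet.nl?script=7&tag=b&tag=a"
SAMPLE_BODY = "note=hello+world%21"

if __name__ == "__main__":
    print(base_string("post", SAMPLE_URL, SAMPLE_OAUTH, SAMPLE_BODY))
```

In the output, the POST value hello+world%21 appears as hello%2520world%2521: it is decoded once, then encoded twice. A sender that skips the decode step or the second encoding produces a different Base String and therefore a different signature.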