Synology SSO Server: Development Guide
Table of Contents
Chapter 1: Introduction
Chapter 2: Usage
DSM JavaScript SDK Script Location
Usage
Synology_SSO_Server_Development_Guide_20181015
Introduction
Synology DSM SSO Server is based on the OAuth 2 protocol. We provide a JavaScript SDK for third-party
development. The SSO Server JavaScript SDK script is installed automatically when SSO Server is installed.
JavaScript SDK
Usage
Initialization
SYNOSSO.init
SYNOSSO.init initializes the SYNOSSO SDK. You need to call SYNOSSO.init before calling any other
SYNOSSO APIs.
*Directory service related options are for directory service checking. If one of these options is provided, SSO
Server will check that this directory service is the same as that of the DSM that SSO Server belongs to.
Example:
SYNOSSO.init({
    oauthserver_url: 'http://10.13.20.131:5000',
    app_id: '153fcb35b01571b49cb0adca3a4bda40',
    // The redirect URI has to be the same as the one registered in SSO Server,
    // and can be a plain-text HTML file.
    redirect_uri: 'http://10.13.20.130/relay.html',
    callback: authCallback
});
Authentication
SYNOSSO.login();
After calling SYNOSSO.login, a login popup window containing a dialog for SSO will appear. SYNOSSO.login
has no arguments and will call the callback registered in SYNOSSO.init after the user logs in successfully.
Example:
SYNOSSO.login();
Response:
Response of the callback registered in SYNOSSO.init():
response: {
    status: 'not_login'
}
response: {
    status: 'ERR_STRING'
}
* For ERR_STRING, please refer to Chapter 6 for more details.
Logout
SYNOSSO.logout(function(){
//do something after logout.
});
SYNOSSO.logout has a callback which will be called after the user logs out from SSO Server.
• Before a user logs out from your application, call SYNOSSO.logout, and this method will log out this user from
SSO Server.
• SYNOSSO.init must be called before SYNOSSO.logout.
• SYNOSSO.logout only logs out the user from SSO Server and will not affect the login status of the user in other
applications.
The callback of SYNOSSO.logout has no arguments.
Manual Flow
Step1: Bring the user to http://[DSM Oauth Server:5000]/webman/sso/SSOOauth.cgi with the following query
string parameters:
Ex:
SSO Server: 10.13.20.254
SSO Client: 10.13.22.128
http://10.13.20.254:5000/webman/sso/SSOOauth.cgi?app_id=a5a78d55b7d30dab1b3067d26bc49e49&scope=user_id&redirect_uri=http://10.13.22.128/sso_redirect_relay.html
Step3: After logging in successfully, the user will be redirected back to the redirect URI which this app registered
on SSO Server, with the following hash values:
• access_token: The access token which will be used to exchange user information.
• state (optional): If you provide the state at Step1, the exact same state will be returned.
Ex:
http://10.13.22.128/sso_redirect_relay.html#access_token=58322f3eaaG7t69030edH2bcdee08brWc6250eba&state=fabc21cf
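The Step1 and Step3 handling described above, as an added example that is not part of Synology's guide: it builds the SSOOauth.cgi URL and parses the redirect hash, rejecting a response whose state differs from the one that was sent. The function names are hypothetical, the Step1 query parameter name state is assumed from the returned hash value, and the hosts, app_id and token are the guide's own sample values.

```javascript
// Added example: manual flow Step1 and Step3 with a state round-trip check.
// Function names are hypothetical; sample values are the ones shown in the guide.

// Step1: build the SSOOauth.cgi URL the user's browser is sent to.
function buildAuthorizeUrl(ssoServer, appId, redirectUri, state) {
  const url = new URL('/webman/sso/SSOOauth.cgi', ssoServer);
  url.searchParams.set('app_id', appId);
  url.searchParams.set('scope', 'user_id');
  url.searchParams.set('redirect_uri', redirectUri); // percent-encoded by URLSearchParams
  url.searchParams.set('state', state);              // parameter name assumed (see lead-in)
  return url.toString();
}

// Step3: read the hash values from the URL the user was redirected to.
// expectedState is the value this client sent at Step1 (for example kept in
// sessionStorage). A response with a different or missing state is rejected,
// so a token the client never asked for is not accepted.
function parseRedirect(redirectedUrl, expectedState) {
  const hash = new URL(redirectedUrl).hash.replace(/^#/, '');
  const params = new URLSearchParams(hash);
  const accessToken = params.get('access_token');
  if (!accessToken) return { ok: false, reason: 'missing_access_token' };
  if (!expectedState || params.get('state') !== expectedState) {
    return { ok: false, reason: 'state_mismatch' };
  }
  return { ok: true, accessToken };
}

// The redirect shown in the guide's Step3 example.
const SAMPLE_REDIRECT =
  'http://10.13.22.128/sso_redirect_relay.html' +
  '#access_token=58322f3eaaG7t69030edH2bcdee08brWc6250eba&state=fabc21cf';

const authorizeUrl = buildAuthorizeUrl(
  'http://10.13.20.254:5000',
  'a5a78d55b7d30dab1b3067d26bc49e49',
  'http://10.13.22.128/sso_redirect_relay.html',
  'fabc21cf'
);
console.log(authorizeUrl);
console.log(parseRedirect(SAMPLE_REDIRECT, 'fabc21cf'));
console.log(parseRedirect(SAMPLE_REDIRECT, 'not-what-we-sent'));
```

In a real client the state should be a fresh unguessable value per login attempt rather than the fixed sample string used here.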
8 Chapter 4: Exchange User Information © 2015-2018 Synology Inc. All rights reserved.
Example Code
Fontpage.html
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <title>Test App 1</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta name="description" content="">
    <meta name="author" content="">
</head>
<body>
    <div class="container">
        <div class="form-signin">
            <h1 class="form-signin-heading">Test App 1</h1>
            <h2 class="form-signin-heading">Please sign in via Synology Oauth</h2>
            <button id="login-button">SSO Login</button>
        </div>
    </div>
</body>
</html>
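<?php
session_start();
// Access token handed over by the relay page.
$accesstoken = isset($_GET['accesstoken']) ? $_GET['accesstoken'] : '';

// httpGet: minimal cURL GET helper returning the response body
// (the setup lines are a standard reconstruction).
function httpGet($url) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $output = curl_exec($ch);
    curl_close($ch);
    return $output;
}

// SSO Server: 10.13.20.254:5000
// urlencode() keeps the user-supplied token from adding or altering query parameters.
$url_str = "http://10.13.20.254:5000/webman/sso/SSOAccessToken.cgi?action=exchange&access_token=" . urlencode($accesstoken);
$resp = httpGet($url_str);
$json_resp = json_decode($resp, true);
// json_decode() returns null for a failed or non-JSON response; treat that as not logged in.
if (is_array($json_resp) && !empty($json_resp["success"])) {
    $userid = $json_resp["data"]["user_id"];
    $_SESSION["user_id"] = $userid;
    // login success
} else {
    // not logged in, redirect to frontpage.html
}
?>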
Error String
ERR_STRING
• server_error - SSO server error.
• parameter_error - Parameter error when calling SYNOSSO.init.
• invalid_app_id - APP_ID error.
• invalid_redirect_uri - Redirect URI error.
• invalid_directory_service - Different directory service between SYNOSSO.init and DSM SSO Server.
• invalid_token - Invalid SSO access token.
• unknown_error - Other unexpected errors.