Ruby
Requirements
To implement SSO between Kayako and your application in Ruby, you will need a Ruby JWT implementation. We recommend using Ruby JWT.
To load Ruby JWT into your application, add the following line:
require 'jwt'
Checking for SSO request
In your controller's login code, just before you return the user back, check for the returnto argument as follows:
if params[:returnto].present?
  ...
  redirect_to(...)
  return
end
The presence of the returnto argument indicates that the login request was received from Kayako and that you need to generate the JWT token and pass it back to the URL specified in this argument.
Generating JWT token
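The main part of the JWT token is called the payload.
To generate the payload you will need at least user_email and user_name, and shared_secret (which is shared with Kayako):
require 'digest'  # provides Digest::MD5

payload = {}
payload[:iat] = Time.now.to_i  # issued-at time, in seconds since the epoch
# JWT ID; note that this value is identical for all tokens issued within the same second
payload[:jti] = Digest::MD5.hexdigest(shared_secret + ':' + payload[:iat].to_s)
payload[:email] = user_email
payload[:name] = user_name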
If the corresponding data are available for users in your application, it is recommended that you also specify values for other claims.
When ready, use Ruby JWT to generate the token as follows:
token = JWT.encode(payload, shared_secret, 'HS256')
This code will generate the header and signature parts of the token and will format it accordingly.
Redirecting back to Kayako
When ready, the JWT token should be passed back to Kayako as a part of the returnto URL as follows:
redirect_to(params[:returnto] + '&jwt=' + token)
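Because returnto arrives in the request, the signed token is sent wherever that parameter points, and the '&jwt=' concatenation above assumes the URL already has a query string. The following is an added example, not part of the Kayako documentation or the Redmine plugin, that checks returnto against an allowlist before appending the token; the helper name kayako_redirect_url, the host support.example.com and the https-only rule are assumptions.

```ruby
require 'uri'

# Assumption: hostname(s) of your own Kayako instance (placeholder value).
KAYAKO_HOSTS = ['support.example.com'].freeze

# Hypothetical helper. Returns the redirect URL with the jwt parameter
# appended, or nil when returnto is not an absolute https URL on an
# allowlisted Kayako host.
def kayako_redirect_url(returnto, token, allowed_hosts = KAYAKO_HOSTS)
  uri = URI.parse(returnto.to_s)
  return nil unless uri.is_a?(URI::HTTPS)  # rejects http, relative and scheme-less URLs
  return nil unless uri.userinfo.nil?      # rejects user@host forms
  return nil unless allowed_hosts.include?(uri.host.to_s.downcase)

  # Keep the original query untouched; use '?' when returnto has no query.
  pair = URI.encode_www_form('jwt' => token)
  uri.query = uri.query.to_s.empty? ? pair : "#{uri.query}&#{pair}"
  uri.to_s
rescue URI::InvalidURIError
  nil
end

# In the controller, in place of the plain concatenation:
#   url = kayako_redirect_url(params[:returnto], token)
#   redirect only when url is not nil; otherwise fail the login request
```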
A complete sample
A complete working example of the Kayako SSO implementation in Ruby is also available as the Kayako SSO plugin for Redmine.