To implement SSO between Kayako and your application in Ruby you will need a Ruby JWT implementation. We recommend using Ruby JWT.

To load Ruby JWT into your application add the following line:

require 'jwt'

Checking for SSO request

In your controller's login code, just before you redirect the user back, check for the returnto argument as follows:

if params[:returnto].present?

The presence of the returnto argument indicates that the login request was received from Kayako, and you need to generate the JWT token and pass it back to the URL specified in this argument.

Generating JWT token

The main part of the JWT token is called the payload. To generate the payload you will need at least user_email, user_name and shared_secret (the secret shared with Kayako):

require 'digest'   # needed for Digest::MD5

payload = {}
payload[:iat]   = Time.now.to_i   # issued-at time, as a Unix timestamp
payload[:jti]   = Digest::MD5.hexdigest(shared_secret + ':' + payload[:iat].to_s)   # unique token id
payload[:email] = user_email
payload[:name]  = user_name

If your application has the corresponding data for its users, it is recommended that you also specify values for the other claims.

When ready, use Ruby JWT to generate the token as follows:

token = JWT.encode(payload, shared_secret, 'HS256')

This code will generate the header and signature parts of the token and will format it accordingly.

Redirecting back to Kayako

When ready, the JWT token should be passed back to Kayako as part of the returnto URL as follows:

redirect_to(params[:returnto] + '&jwt=' + token)
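The whole flow from the sections above, as an added example that is not Kayako's or Redmine's own code: it builds the payload, encodes it with a stdlib-only HS256 encoder (standing in for JWT.encode so the sample runs without the gem; in your application keep using Ruby JWT), verifies the token the way the receiving side does, and composes the returnto redirect after checking that the URL points at your Kayako host. The helpdesk host name (allowed_host) and the sample secret and user are assumptions.

```ruby
require 'digest'
require 'openssl'
require 'base64'
require 'json'
require 'uri'

# Base64url without padding, as JWT requires.
def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# Payload exactly as described above; `now` is injectable so results are reproducible.
def kayako_payload(user_email, user_name, shared_secret, now = Time.now.to_i)
  {
    iat: now,
    jti: Digest::MD5.hexdigest("#{shared_secret}:#{now}"),
    email: user_email,
    name: user_name
  }
end

# Stdlib-only equivalent of JWT.encode(payload, secret, 'HS256'):
# header.payload.signature, each part base64url-encoded.
def hs256_encode(payload, secret)
  header = { alg: 'HS256', typ: 'JWT' }
  signing_input = "#{b64url(JSON.generate(header))}.#{b64url(JSON.generate(payload))}"
  signature = OpenSSL::HMAC.digest('SHA256', secret, signing_input)
  "#{signing_input}.#{b64url(signature)}"
end

# Constant-time string comparison, so signature checks do not leak timing.
def secure_equal?(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# What the receiving side does: recompute the HMAC and reject anything that does not match.
# Returns the decoded claims on success, nil on a bad signature or malformed token.
def hs256_verify(token, secret)
  head, body, sig = token.split('.', 3)
  return nil if sig.nil?
  expected = b64url(OpenSSL::HMAC.digest('SHA256', secret, "#{head}.#{body}"))
  return nil unless secure_equal?(expected, sig)
  JSON.parse(Base64.urlsafe_decode64(body))
end

# Appends the token the way the page shows, but only after confirming the returnto
# URL really points at the helpdesk host (allowed_host is assumed to be your Kayako host).
def kayako_redirect_url(returnto, token, allowed_host)
  uri = URI.parse(returnto)
  raise ArgumentError, 'returnto is not a Kayako URL' unless uri.scheme == 'https' && uri.host == allowed_host
  returnto + '&jwt=' + token
end
```

In a Rails controller the last call replaces the bare string concatenation: `redirect_to(kayako_redirect_url(params[:returnto], token, 'support.example.com'))`.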

A complete sample

A complete working example of the Kayako SSO implementation in Ruby is also available as the Kayako SSO plugin for Redmine.