Synology SSO server login example

index.html

<html>
   <head>
   <!-- include Synology SSO js -->
   <script src="http://ds:5000/webman/sso/synoSSO-1.0.0.js"></script>
</head>

<body>

<script>
   /** Display login/logout button.
   * Use a html element with id button
   * @param logged boolean, are we logged ?
   */
   function setButton (logged) {
      if (logged) {
         document.getElementById('button').innerHTML = '<button onclick="SYNOSSO.logout()">Logout</button>';

      } else {
         document.getElementById('button').innerHTML = '<button onclick="SYNOSSO.login()">Login</button>';
      }
   }

   /** Callback for SSO.
   * Called by init() and login()
   * @param reponse the JSON returned by SSO. See Syno SSO Dev Guide.
   */
   function authCallback(reponse) {
      console.log(JSON.stringify(reponse));
      if (reponse.status == 'login') {
         console.log('logged');
         setButton(true);
      }
      else {
         console.log('not logged ' + reponse.status);
         setButton(false);
      }
   }

   SYNOSSO.init({
      oauthserver_url: 'http://ds:5000',
      app_id: 'a80a2d975796104eb7a7f38b971a8f99',
      redirect_uri: 'http://ds/test/relay.html', //no idea what this is :)
      callback: authCallback
   });
</script>

<h1> Syno SSO test</h1>

<p id='button'></p>

</body>

</html>

Does not work!

TypeError: F is null

Synology DS412+

DSM 6.0-7321 Update 7

@lezfez Are you pointing the path to the required js file correctly?

This part:

<html>
   <head>
   <!-- include Synology SSO js -->
   <script src="http://dsm_ip_or_hostname:5000/webman/sso/synoSSO-1.0.0.js"></script>
</head>

This is very helpful. But now that I have it working how do I get the user data out to the LDAP server. I have been looking for more documentation but can't find much out there. Do you know where I would get the documentation to access the users profile now that I have the access_tockon?

Thank you... it´s working for me. Result after logging in is an access_token id. I think this access token COULD be used to call further Synology APIs to access DS-functions. But I couldn´t find any documentation about the APIs. Any ideas? At least I would need the logged in username...

https://www.synology.com/de-de/support/developer#tool

https://global.download.synology.com/download/Document/DeveloperGuide/Synology_SSO_API_Guide.pdf

The Web-API of download-station doesn´t look like it supports OAuth...
https://global.download.synology.com/download/Document/DeveloperGuide/Synology_Download_Station_Web_API.pdf

Okay.... seems like it´s not THAT complicated.
Syno seems to not use OAuth really for its own Web-Admin.

If you are authenticated via SSO you can query the Syno API (without using the access_token).
Get a listing of present APIs

https://ds:5001/webapi/query.cgi?api=SYNO.API.Info&version=1&method=query&query=ALL

query for user info (derivable from API info)

https://ds:5001/webapi/entry.cgi?method=get&version=1&api=SYNO.Core.NormalUser

returns a JSON like

{"data":{"OTP_enable":false,"OTP_enforced":false,"disallowchpasswd":false,"editable":false,"email":"xxxx@xxx.org","fullname":"xxxxx","username":"xxxxx"},"success":true}

is it have php example?

Must Synology be configured with LDAP for SSO Server to work? Cos it's not working for me without.

@cljk (hoping you are still around a year later) - that link to query.cgi/entry.cgi info is awesome. Is there somewhere on Synology where that is even vaguely documented?

Going to https://www.synology.com/en-us/support/developer#web_developer I get a list of ...uh... command line tools!!!

@cljk I use SYNO's directory server + SSO server, refer to your code to achieve SSO login,it's success,But I can't get the account information after login. The link (https://ds:5001/webapi/entry.cgi?method=get&version=1&api=SYNO.Core.NormalUser) you mentioned above can be obtained from the browser after login. I try to get account information by ajax or php file_get_contents，The result of the execution is Access-Control-Allow-Origin or timeout。
Is there another way to get account information?

ditto! I can login, but if I can't know anything about the user who logged in, this system is useless to me!

Hello,
First of all, thank's so much to @jerome-labidurie and @cljk.
I recently hit the same bottleneck as you guys.
After reading the official docs (all of them) and finding nothing that could help me, I found by a complete accident this repo: https://github.com/kwent/syno/tree/master/definitions/DSM/6.0.2/8451. Unfortunately there was no info about SSO. However, after some digging in Synology's JS, I finally connected over SSH to my NAS a started looking around in /usr/syno/synoman/webapi. There is a file called SYNO.SSO.Backend.lib, stating that there should be API SYNO.SSO.Backend.AccessToken with methods: verify and exchange. And voila!

After running:
/webapi/entry.cgi?api=SYNO.SSO.Backend.AccessToken&version=1&method=exchange&access_token=<my token>

I got:
{"data":{"user_id":[my id],"user_name":"[my username]"},"success":true}

YAY!

So after hours of detective work, we can finally get one's username from access_token.

Thank you, I solved a big problem. @keombre
At present, the system is basically integrated, running for a while, and it is found that sometimes 120 error codes appear when logging in(DSM has logged in). No regularity was found in the account and time of appearance.

Hello! The example is great, but after logout and try to login again the form window only blinks and the status is "not_login". I try incognito mode and clear cookies with no effect. Is this a bug in Synology SSO or after logout should be any other sequence to clean something?

@LucasHerb
No matter how much I tried, I could not get this script to work in 2020, apparently due to updates in the Chrome security policy. I wrote my version in php, maybe it will help you – https://github.com/dagababaev/Synology_SSO_integration

@dagababaev Are you able to logout from the php version? I saw that the variables get unset, however, as I refresh the page, the auth gets passed and the variables get set again.

Also, the javascript version does not seem to work for me.

@sandrickn
it's true If you stay signed in Synology. To log out you must send command to Synology (i am not use it), but not only your web site

Hi all,

I'm using the code from dagababaev . On my WordPress-site. I'm able to login, from the WordPress-site, using "Synology SSL Server", and with a DSM-user. All works fine. But at the end I'm not able to show the logged-in user the home-page of the WordPress-site. Most probably because I have (almost) no knowledge of php.

Anybody any idea ?