Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
SSO Login for Freshdesk support portal - PHP Sample Code (Updated)
<?php
define('FRESHDESK_SHARED_SECRET','____Place your Single Sign On Shared Secret here_____');
define('FRESHDESK_BASE_URL','http://{{your-account}}.freshdesk.com/'); //With Trailing slashes
function getSSOUrl($strName, $strEmail) {
$timestamp = time();
$to_be_hashed = $strName . FRESHDESK_SHARED_SECRET . $strEmail . $timestamp;
$hash = hash_hmac('md5', $to_be_hashed, FRESHDESK_SHARED_SECRET);
return FRESHDESK_BASE_URL."login/sso/?name=".urlencode($strName)."&email=".urlencode($strEmail)."&timestamp=".$timestamp."&hash=".$hash;
}
header("Location: ".getSSOUrl("User's Name","username@thecompany.com"));
@barryokane

This comment has been minimized.

Copy link

barryokane commented May 17, 2012

Thanks for this. I created an ASP.Net c# version: https://gist.github.com/2718191

@thanashyam

This comment has been minimized.

Copy link
Owner Author

thanashyam commented May 17, 2012

@barryokane Thanks a lot for your effort.

@Geczy

This comment has been minimized.

Copy link

Geczy commented Dec 4, 2012

One function PHP sample: https://gist.github.com/4209441

@derekseymour

This comment has been minimized.

Copy link

derekseymour commented May 8, 2014

@rogeriojlle

This comment has been minimized.

Copy link

rogeriojlle commented Nov 23, 2014

Congratulations!

But to me the code for NodeJS does not work when the name contains accent. it happens to other languages?

@johnchong005

This comment has been minimized.

Copy link

johnchong005 commented Mar 31, 2016

Hi, i am fresh php programming developer, how to do this SSO login ?

@jonmc99

This comment has been minimized.

Copy link

jonmc99 commented Apr 27, 2016

I am using the code above (albeit the original code from 2012) and it is working fine.

However, I was contacted by Freshdesk today with the following...


We noticed that you are using simple SSO and wanted to inform you that, moving forward, the format of your login details hash should be: Name, Shared secret key, Email address, and Timestamp (in that order). Please refer to this article and make the necessary changes ASAP.

As this is an important security update, we will stop supporting the old hashes by Thursday (28 April 2016) at 11 PM PDT.


Can you confirm your updated code conforms to the security update and if not, what changes need to take place to ensure it works prior to the above date?

@jonmc99

This comment has been minimized.

Copy link

jonmc99 commented Apr 27, 2016

I'm going to have a wild guess that the following line needs to be updated...

From:
return FRESHDESK_BASE_URL."login/sso/?name=".urlencode($strName)."&email=".urlencode($strEmail)."&timestamp=".$timestamp."&hash=".$hash;

To:
return FRESHDESK_BASE_URL."login/sso/?name=".urlencode($strName)."&hash=".$hash."&email=".urlencode($strEmail)."&timestamp=".$timestamp;

Basically just moving the "&hash=".$hash back a bit in the code to meet the new spec?

@jonmc99

This comment has been minimized.

Copy link

jonmc99 commented Apr 27, 2016

I've updated my code to the latest revision from 4 Dec 2013 and made the amendment noted above and it still logs in as expected. Guess I'll find out tomorrow whether my users can still login or not and I'll post back here.

@42degrees

This comment has been minimized.

Copy link

42degrees commented Apr 28, 2016

@jonmc99 The URL doesn't need to be changed as URL parameters do not respect order. The only thing that I see that would need to be changed is:

$to_be_hashed = $strName . FRESHDESK_SHARED_SECRET . $strEmail . $timestamp;

Note: We're not using PHP for this solution, so this is untested, but it works in my brain ;-)

@thanashyam

This comment has been minimized.

Copy link
Owner Author

thanashyam commented Apr 29, 2016

@42degrees Thats the change that needs to be done. Thank you.

@jonmc99 Sorry for the delay in updating this. I've changed the code, please let me know if it works or if you have any other issues with this.

@jonmc99

This comment has been minimized.

Copy link

jonmc99 commented Apr 29, 2016

Thanks for the feedback. That change matches what Freshdesk support also said.

I've updated my code and all tested to be working fine. Thanks for your assistance.

Oddly, my very original code (your original revision) also still works!

@abhinavgarg33

This comment has been minimized.

Copy link

abhinavgarg33 commented May 18, 2016

I am using this code but unable to login to freshdesk. Can someone help me. Thanks in advance.

function getSSOUrl($strName, $strEmail) {
$time = time();
return FRESHDESK_BASE_URL.
"login/sso/?name=".
urlencode($strName).
"&email=".
urlencode($strEmail).
"&timestamp=".
$time.
"&hash=".
getHash($strName,$strEmail,$time);
}

function getHash($strName, $strEmail, $time) {

$to_be_hashed = $strName . FRESHDESK_SHARED_SECRET . $strEmail . $time;
return hash_hmac('md5', $to_be_hashed, FRESHDESK_SHARED_SECRET);

}

@AbhiX28

This comment has been minimized.

Copy link

AbhiX28 commented Jul 16, 2016

I am facing a unique problem with this, the code works with email that do not consists of dot (.) before the @ sign.
If the email has a dot (.) e.g. firstname.lastname@gmail.com then the login does not work .
I think it could be because of the urlencode but not sure.
Any inputs/ suggestions???

Thanks

@abheist

This comment has been minimized.

@gdelacc

This comment has been minimized.

Copy link

gdelacc commented Feb 4, 2017

Its works

@AlLoud

This comment has been minimized.

Copy link

AlLoud commented Sep 4, 2018

An easier to read code with the help of PHP's http_build_query:

http_build_query([
  'name' => $strName,
  'email' => $strEmail,
  'timestamp' => $timestamp,
  'hash' => hash_hmac('md5', $str_to_be_hashed, FRESHDESK_SHARED_SECRET),
], '', '&amp;');

The whole code is in this fork:
https://gist.github.com/AlLoud/cfdea1aac2d158f288deaa71ed186037

@alfonmga

This comment has been minimized.

Copy link

alfonmga commented Jan 7, 2019

How do you guys handle a user's email address change scenario?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.