Using DotNetOpenAuth for NetSuite SuiteSignOn (Outbound Single Sign-on)

Problem description

I am trying to figure out how to use DotNetOpenAuth (DNOA) to interface to NetSuite's SuiteSignOn. I have a java example I am trying to duplicate the function of, but I am new to OAuth. Here is what I have to work with:

This is the high level of what NetSuite wants to happen:

  1. User logs in to NetSuite, initiating a NetSuite session.

User clicks on one of the following in the NetSuite user interface:

o A subtab that provides SuiteSignOn access
o A page displaying a portlet that provides SuiteSignOn access
o A link for a Suitelet that provides SuiteSignOn access
o An action button that results in the execution of a user event script that provides SuiteSignOn access

NetSuite generates a token, and sends this token to the external application as the value for the oauth_token URL parameter. This outbound HTTP call also includes a dc and an env URL parameter. These values can be mapped to the URL to be used for NetSuite access (see Mappings of dc and env URL Parameter Values). If any data fields were previously defined as required context for the connection, NetSuite sends values for these fields at the same time.

The external application sends back to NetSuite the token, the consumer key, and its shared secret, along with other information such as the timestamp and nonce, in order to verify the user. The consumer key is a unique identifier for the application provider, generated by NetSuite when the application provider sets up a SuiteSignOn connection. The shared secret is a password defined by the application provider during this setup.

NetSuite responds to the verification, sending any user identification information that was previously defined as necessary for the connection, in XML format. This information may include standard fields like email address or name, or custom fields.

The external application sends the HTML for the landing page, and the page displays. Or, if there is a problem, an error is returned instead.

NetSuite HTTP Outbound Call (got this figured out).

When a user accesses a SuiteSignOn connection point, NetSuite issues an outbound call to start the handshake. The following is an example of this call:

GET /SSO/demoApp.php?oauth_token=01046c1211661d6c6b415040422f0daf09310e3ea4ba&dc=001&env=PRODUCTION HTTP/1.1
Host: externalsystem.com 
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0 
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 
Accept-Language: en-US,en;q=0.5 
Accept-Encoding: gzip, deflate 
Connection: keep-alive 

External Application HTTP Verify Call (trying to prepare this with DotNetOpenAuth).

Upon receipt of the NetSuite HTTP outbound call, the external application needs to issue an HTTP verify call. The following is an example of this call:

GET /app/common/integration/ssoapplistener.nl HTTP/1.0
Host: system.netsuite.com
Authorization: OAuth oauth_token="01046c1211661d6c6b415040422f0daf09310e3ea4ba", oauth_consumer_key="3moWE2ukbW4lohz7", oauth_signature_method="PLAINTEXT", oauth_signature="foobar1%26", oauth_timestamp="1364997730", oauth_nonce="392380036"

NetSuite HTTP Verify Call Response (I can code this).

Upon receipt of the verify call from the external application, NetSuite sends a response. The following is an example of this response:

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2013 13:30:41 GMT
Server: Apache/2.2.17
Set-Cookie: lastUser=1326288_79_3; expires=Tuesday, 23-Apr-2013 13:30:42 GMT; path=/
Set-Cookie: NS_VER=2013.1.0; domain=system.netsuite.com; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Connection: close
Content-Type: text/html; charset=utf-8

<?xml version="1.0" encoding="UTF-8"?>
<outboundSso>
    <entityInfo>
        <ENTITYLASTNAME>Smith</ENTITYLASTNAME>
        <ENTITYINTERNALID>79</ENTITYINTERNALID>
        <ENTITYACCOUNT>1326288</ENTITYACCOUNT>
        <ENTITYFIRSTNAME>John</ENTITYFIRSTNAME>
        <ENTITYEMAIL>jsmith@netsuite.com</ENTITYEMAIL>
    </entityInfo>
</outboundSso>

The excerpts of a Java example using OAuth 1.0a that I'm trying to port to .net/DotNetOpenAuth:

import net.oauth.OAuth;
import net.oauth.OAuthAccessor;
import net.oauth.OAuthConsumer;
import net.oauth.OAuthMessage;
import net.oauth.client.OAuthClient;
import net.oauth.http.HttpMessage;

<<snip>>

OAuthConsumer consumer = new OAuthConsumer(null, CONSUMER_KEY, SHARED_SECRET, null);
consumer.setProperty(OAuth.OAUTH_SIGNATURE_METHOD, "PLAINTEXT");
OAuthAccessor oauthAccessor = new OAuthAccessor(consumer);

//Get the token from NetSuite
oauthAccessor.accessToken = request.getParameter("oauth_token");

<<snip>>

OAuthMessage rqt = null;
rqt = oauthAccessor.newRequestMessage("POST", ssoVerifyUrl, null);
HttpMessage message = rqt.toHttpRequest(OAuthClient.ParameterStyle.AUTHORIZATION_HEADER);
verifyConnection.setRequestProperty("Authorization", message.getHeader("Authorization"));

Being new to OAuth and DotNetOpenAuth, I'm fumbling around.

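  • What is the appropriate replacement for OAuthConsumer in DNOA in this situation? WebConsumer? DesktopConsumer?
  • Assuming I need such a consumer, how much of the ServiceProviderDescription do I need to provide? I only have one endpoint (/app/common/integration/ssoapplistener.nl), and I don't know whether that is a request, access, or other type of endpoint.
  • What is the appropriate replacement for OAuthAccessor in DNOA?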

Thanks for any assistance, Bo.

Recommended answer

Ok, after a lot of digging and experimenting, I got DotNetOpenAuth to work with NetSuite's SuiteSignOn. It may not be perfect, but it does work!

I got my tokenmanager from this post:

https://developer.yahoo.com/forum/Fantasy-Sports-API/Authenticating-with-NET-using-DotNetOpenAuth/1279209867000-4eee22f1-25fd-3589-9115-1a835add3212

using System;
using System.Net;
using System.Xml.Linq;
using DotNetOpenAuth.OAuth;
using DotNetOpenAuth.OAuth.ChannelElements;
using DotNetOpenAuth.OAuth.Messages;
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.OpenId.Extensions.OAuth;

// In my Page_Load method, I receive the GET request from NetSuite:
public partial class sso_page : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // This is what the NetSuite SuiteSignOn ConnectionPoint sends:
        // GET /administratorportal/SSO/sso_page.aspx?oauth_token=08046c1c166a7a6c47471857502d364b0d59415418156f15db22f76dcfe648&dc=001&env=SANDBOX
        // see the NetSuite SuiteSignOn doc about dc & env processing to build endpoints

        ServiceProviderDescription provider = GetServiceDescription();

        // Set up OAuth with our keys and stuff
        string token = Request.Params["oauth_token"];
        string consumerKey = "yourconsumerkey";    // this has to match what is defined on our NetSuite account - ConnectionPoint to CRMLink
        string sharedSecret = "yoursharedsecret";  // this has to match what is defined on our NetSuite account - ConnectionPoint to CRMLink - Careful - NO funny chars like '!'

        // I got this InMemoryTokenManager from another DotNetOpenAuth post in SO
        InMemoryTokenManager _tokenManager = new InMemoryTokenManager(consumerKey, sharedSecret);
        AuthorizationApprovedResponse authApprovedResponse = new AuthorizationApprovedResponse();
        authApprovedResponse.RequestToken = token;

        _tokenManager.StoreOpenIdAuthorizedRequestToken(consumerKey, authApprovedResponse);

        WebConsumer consumer = new WebConsumer(provider, _tokenManager);

        // The listing as posted used `methods` without defining it. Assumed value: the verify call
        // shown in the question is a GET that carries the OAuth parameters in the Authorization header.
        HttpDeliveryMethods methods = HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest;

        // this is the SSO address in netsuite to use.  Should be production or sandbox, based on the values of dc and env
        string uri = "https://system.sandbox.netsuite.com/app/common/integration/ssoapplistener.nl";
        MessageReceivingEndpoint endpoint = new MessageReceivingEndpoint(uri, methods);

        WebRequest verifyRequest = consumer.PrepareAuthorizedRequest(endpoint, token);
        HttpWebResponse responseData = verifyRequest.GetResponse() as HttpWebResponse;

        XDocument responseXml;
        responseXml = XDocument.Load(responseData.GetResponseStream());

        // process the SSO values that come back from NetSuite in the XML.  They should look something
        // like the following:
        /* XML response should look like this:

        <?xml version="1.0" encoding="UTF-8"?>
        <outboundSso>
            <entityInfo>
                 <ENTITYINTERNALID>987654</ENTITYINTERNALID>
                 <ENTITYNAME>Fred</ENTITYNAME>
                 <ENTITYEMAIL>fred@yourcompany.com</ENTITYEMAIL>
            </entityInfo>
        </outboundSso>
        */

        // If that data looks good, you can mark the user as logged in, and redirect to whatever
        // page (like SSOLandingPage.aspx) you want, which will be shown inside a frame on the NetSuite page.

        Response.Redirect("~/SSOLandingPage.aspx", false);

        // If that data looks bad, invalid user/login?  Then you could respond with an error or redirect to a login.aspx page or something.
    }

    // GetServiceDescription(), listed separately further down, belongs in this class.
}

There is some other error handling and different returns depending on what happens, but the above is the basics of receiving an SSO login from NetSuite SuiteSignOn.

This was a hardcoded ServiceProviderDescription I used. You need to read the NetSuite SuiteSignOn doc to understand how to dynamically build these endpoints based on values of dc and env, I did not do that here yet.

// I'm not completely sure why I need all these endpoints below, and since I provide an endpoint as such:
//                 MessageReceivingEndpoint endpoint = new MessageReceivingEndpoint(uri, methods );
// these don't seem like I need them.  But I need a ServiceProviderDescription to create a consumer, so...
private ServiceProviderDescription GetServiceDescription()
{
    return new ServiceProviderDescription
    {
        AccessTokenEndpoint = new MessageReceivingEndpoint("https://system.sandbox.netsuite.com/app/common/integration/ssoapplistener.nl", HttpDeliveryMethods.GetRequest),
        RequestTokenEndpoint = new MessageReceivingEndpoint("https://system.sandbox.netsuite.com/app/common/integration/ssoapplistener.nl", HttpDeliveryMethods.GetRequest),
        UserAuthorizationEndpoint = new MessageReceivingEndpoint("https://system.sandbox.netsuite.com/app/common/integration/ssoapplistener.nl", HttpDeliveryMethods.GetRequest),
        ProtocolVersion = ProtocolVersion.V10a,
        TamperProtectionElements = new ITamperProtectionChannelBindingElement[] { new PlaintextSigningBindingElement() }
    };
}
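
What the verify call from the question puts on the wire, as an added example that is not part of the original answer and does not use DotNetOpenAuth: it builds the PLAINTEXT Authorization header by hand and parses the outboundSso response with DTDs refused. SuiteSignOnVerify and its members are hypothetical names, and .NET Framework 4.6 or later is assumed.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Xml;
using System.Xml.Linq;

// Added example; SuiteSignOnVerify and its members are hypothetical names.
public static class SuiteSignOnVerify
{
    // OAuth 1.0 percent-encoding; Uri.EscapeDataString follows RFC 3986 on .NET 4.5 and later.
    private static string Enc(string value) { return Uri.EscapeDataString(value ?? ""); }

    // Builds the Authorization header value for the verify call shown in the question.
    public static string BuildAuthorizationHeader(Uri verifyUrl, string token, string consumerKey, string sharedSecret)
    {
        // PLAINTEXT puts the shared secret on the wire, so refuse anything but TLS.
        if (verifyUrl.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("verify URL must be https", "verifyUrl");

        // Signature = enc(consumer secret) + "&" + enc(token secret); there is no
        // token secret in this flow, so the part after "&" stays empty.
        string signature = Enc(sharedSecret) + "&";

        byte[] nonceBytes = new byte[16];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            rng.GetBytes(nonceBytes);
        string nonce = BitConverter.ToString(nonceBytes).Replace("-", "");
        string timestamp = DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString();

        // Each value is encoded once more for the header, which turns "&" into "%26".
        return "OAuth oauth_token=\"" + Enc(token) + "\""
             + ", oauth_consumer_key=\"" + Enc(consumerKey) + "\""
             + ", oauth_signature_method=\"PLAINTEXT\""
             + ", oauth_signature=\"" + Enc(signature) + "\""
             + ", oauth_timestamp=\"" + timestamp + "\""
             + ", oauth_nonce=\"" + nonce + "\"";
    }

    // Parses the <outboundSso> response body and returns its <entityInfo> element.
    public static XElement ParseEntityInfo(Stream body)
    {
        // DTDs are refused so the response cannot reference external entities.
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        using (XmlReader reader = XmlReader.Create(body, settings))
        {
            XElement root = XDocument.Load(reader).Root;
            XElement info = root.Name.LocalName == "outboundSso" ? root.Element("entityInfo") : null;
            if (info == null || !info.HasElements)
                throw new InvalidDataException("unexpected SuiteSignOn verify response");
            return info;
        }
    }
}
```

With the shared secret foobar1 from the question's verify call, the oauth_signature value comes out as foobar1%26, matching the header shown there.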
