Welcome to the new Customer Portal! We are still in the process of moving all our customers so please bear with us if you are temporarily unable to log in. You can still email support@vanillaforums.com!

Register user via SSO

I am developing a website with own userbase and I'd like to implement a seamless integration between VF and our website user profiles using SSO. Having said that, I need a way of registering VF users once website profile is created. There has been similar discussion recently which mentioned an undocumented save.json API call. Since the other discussion is now closed, may I get more details for that API endpoint here? Thanks in advance.


  • Hi, I apologize for the delay.

    The endpoint is essentially the same as /users/edit

    After you create the user you can set the SSO link between the two with /users/sso

    We have a configuration setting to try and connect the user based on email address which I'd recommend in this case. If the user SSO's into the forum with a matching email address then it will connect without a password prompt. Let me know if you would like me to set that up for you.

    Please let me know if you have any further questions.

    Thanks, Jon

  • Hi Jon, many thanks for response.

    I am experimenting with various approaches to SSO at the moment, as I'm trying to integrate it with the website based on Python/Django which isn't particularly easy given lack of official support (although I've found quite useful 3rd party library at https://github.com/buddelkiste/jsConnectDjango) and fairly sketchy documentation on your site. For example, I don't have a clear idea of the exact purpose of the /users/sso API endpoint -- could you clarify this a bit for me providing example use cases, please?

    I will also try using /users/edit endpoint to create accounts at VF side, I'll let you know in case I needed further assistance around this. Thanks again, appreciated.

  • I've got stuck. I'm trying following POST requests, first against edit.json:

    Request Url: https://XXX.vanillaforums.com/api/v1/users/edit.json?access_token=XXX
    Request Method: POST
    Status Code: 200
    Params: {
        "Name": "APIUser",
        "Email": "api@api.com",
        "Username": "api_user"

    This basically returns... full user information for UserID=1 (System), which is completely unexpected. No user account at VF side gets created either.

    Then trying save.json:

    Request Url: https://XXX.vanillaforums.com/api/v1/users/save.json?access_token=XXX
    Request Method: POST
    Status Code: 400
    Params: {
        "Name": "APIUser",
        "Email": "api@api.com"

    Which returns another odd response:

        "Code": 400,
        "Exception": "Name is required. Email is required.",
        "Class": "Gdn_UserException"

    The API documentation is really poor, doesn't explain these endpoints in great extent, hence now the only hope is awaiting response here, unless I'll accidentally find a combination which would work...

  • Hi,

    I'm sorry for the miscommunication. /users/save uses the same parameters as /users/edit so you can reference that for building your API call.

  • Thanks Jon. As I pointed out above, the /users/save.json endpoint doesn't work as expected. Can you advise, please?

  • edited June 2013

    Hi, I'm sorry for misreading your above post.

    In your edit API call you are missing the smart ID so it's returning the first user by default.

    In your save API call my guess here is that you are using 'name' and 'email' versus 'Name' and 'Email'.

    A good way to test the calls is to do it in the command line like this.

    curl --data "Name=bacon&Email=jon@bacon.com" https://yourdomain.vanillaforums.com/api/v1/users/save.json?access_token=secretcode

  • Hi Jon,

    I have also tried to provide an UserID parameter in edit.json call - no luck. With save.json case (Name vs. name) doesn't matter.

    However, I've just tried the curl request you've suggested and it worked! How weird. I've been using browser-based extensions which allow interacting with webservices and I must have been doing something wrong. Turns back the basics are the best after all. :)

    Anyway, thanks for your help so far. I'll get back to the curl approach with further requests and will get back to you once I find any other issues.

  • Hi Jon. Another problem I've come across is that when I login to my website with the username which is also registered/SSO-linked to the VF (name it "charlie"), and then go directly to my VF instance, I don't get automatically signed-in to VF with the same user as on the website. I mean the VF detects that I'm signed in as "charlie" in my application (it says "charlie Sign In with myappname"), however I need to explicitly click sign-in, while I'd rather have that user signed in automatically for seamless experience.

    Additionally, is there a way of signing out an user from VF once I logout on my website? Ie. when I click "logout" button on my website and then go to VF, it still thinks I'm signed in as "charlie". Can this be also handled?

    Thanks in advance.

  • Hi, I've enabled a setting that should allow you to seamlessly login. Please give it a try and let me know the results.

    Thanks, Jon

  • edited July 2013

    Hi Jon, been busy with other stuff lately and haven't got round to testing this. Will pick it up very soon and keep you updated tough. Many thanks in advance.

This discussion has been closed.