1Introduction

Overview of Pass-Through Authentication

Pass-through authentication (PTA) lets you integrate B2C Service Customer Portal with an external customer validation source so that customers can automatically log in to your portal from an external web page.

The external source supplies login parameters to the customer portal by placing them in the URL of the customer portal page. This lets your customers log in to your website and then access the customer portal without requiring a second login specifically for the customer portal. Contact information is shared between the external source and the Oracle database since the customer portal uses external login information to create and update contact records.

Data encryption is available to more securely transmit customer information through the URL that accesses the customer portal, and several encryption options exist. Another PTA configuration option lets your customers log in directly to your customer portal, in addition to logging in with pass-through authentication from your external site. You also have the option of requiring customers to log out through the external site or allowing them to log out from your customer portal.

Although contact records can be created and updated through the PTA integration, they must be deleted through the agent desktop or another integration method, such as the XML API.

There are two paths available to the customer: Access the customer portal through an external page, or log in directly to the customer portal. When a customer accesses the customer portal through an external page, the system first checks if the customer is logged into the external site. If not, the customer is redirected to the login URL set in the PTA_EXTERNAL_LOGIN_URL configuration setting. After the customer is logged in, the system then checks if the customer has an existing customer portal contact record. If they do, the system checks if the PTA_IGNORE_CONTACT_PASSWORD configuration setting is enabled and if the PTA password is valid in the customer portal. If both are, the customer is logged in to the customer portal.

If the customer has no existing customer portal contact record, the system checks if the PTA_IGNORE_CONTACT_PASSWORD configuration setting is enabled. If it is, the PTA creates the contact record and populates the password with whatever the customer entered. If it is disabled, the PTA creates a contact record in the database with a null password.

If the customer already has an existing customer portal contact record but the PTA_IGNORE_CONTACT_PASSWORD configuration setting is not enabled, the system checks if the PTA password meets the customer portal password requirements. If it does, the customer is logged in to the customer portal. If it does not, the customer is directed to the page specified in the PTA_ERROR_URL configuration setting.

When the customer attempts to log in to the customer portal, existing customer portal contacts are checked for valid passwords before logging the customer in to the customer portal. If the customer does not have a valid password, they are directed to Account Assistance. If the customer does not have an existing customer portal contact record, the customer is directed to the Create an Account page to sign up and then log in.

This flowchart illustrates pass-through authentication as it is used with the customer portal.


This figure illustrates the process described in the text above.
Note: Contact your Oracle account manager for assistance in customizing PTA beyond the procedures detailed in this document.