Customers who try to access your customer portal from your external page may be redirected to an external login page when they click the link. If and how this occurs depends on several factors.
The URL of the link to the customer portal that resides on the external page
Whether the customer is logged in to the external site
Whether the customer portal page being accessed requires login
If the link to your customer portal on your external site passes customer information in the URL and the customer is logged in to the external site, the customer data is passed through the Customer Portal login function. The customer is then logged in to the customer portal, and the page opens. The login process is invisible to the customer, who clicks the link on the external page and sees the customer portal page open.
When the customer portal page requires login or the customer clicks the Log In link on the customer portal but is not logged in to your external site, they will be directed to the page defined by the PTA_EXTERNAL_LOGIN_URL configuration setting. Most likely, this will be the login page for your external site. You can pass next page variables and session information in this URL.
The PTA_EXTERNAL_LOGIN_URL configuration setting also accepts the error code variables you can use in the PTA_ERROR_URL configuration setting to help troubleshoot pass-through authentication login issues. When a value is entered in the PTA_ERROR_URL configuration setting, any error code variables in the PTA_EXTERNAL_LOGIN_URL configuration setting are ignored.
For example, if the customer tries to open the Answers page but
you have required login on that page, the URL you specify to
redirect the login can contain the
%next_page% variable. After they have logged in, your login functionality
points them back to the customer portal, passing the validated
customer information and returning them to the Answers page.
The URL looks like this:
You can also pass URL parameters using this format:
The customer portal processes the customer information through its login functionality, although the customer does not see this process. If the information passed in the URL is sufficient to identify an existing contact record in the Oracle database, the customer is logged in and sees the customer portal page they originally tried to access. Any new or additional contact information that is passed through the URL is used to update the contact record.
The passed login parameters must provide data for the minimum required fields needed to log in to the customer portal (p_userid and p_passwd) or create a new contact record (p_userid, p_passwd, and p_email.addr). (In most cases, we recommend that you pass back all URL parameters to B2C Service that the application passed during the redirection.)
If no contact record in the database matches the login parameters passed to the customer portal, a new contact record is created and the customer is logged in to the customer portal as the new contact. If the contact information that is passed does not contain all the fields required to create a new contact record, you can configure the customer portal to direct the customer to an alternate URL. For example, you might create a web page that lets the customer know that access is denied. Or this URL might be a form for gathering the additional required information that then re-passes the parameters to the customer portal.
URLs sent to contacts through email (for example, a link to update the incident) use the URL specified in the PTA_EXTERNAL_LOGIN_URL configuration setting. If you pass a non-blank password using p_passwd in a PTA event and the EU_CUST_ PASSWD_ENABLED configuration setting is disabled, the PTA event will fail. We recommend that you do not change the default value of the EU_CUST_PASSWD_ENABLED configuration setting, which is Yes (enabled), when using PTA.
The customer session ID can be automatically appended to the URL when the customer is redirected through the customer portal. The page specified in the PTA_EXTERNAL_LOGIN_URL configuration setting must be configured to accept the session ID.