Creating the Authorization Header for SuiteSignOn

Creating the header is straightforward: place each parameter in its correct position.

Important:

Each parameter must be percent-encoded. The examples in this section use PHP rawurlencode.

Header

    $header = 'Authorization: OAuth '
        .'oauth_token="' .rawurlencode($tokenKey) .'", '
        .'oauth_consumer_key="' .rawurlencode($consumerKey) .'", '
        .'oauth_nonce="' .rawurlencode($nonce) .'", '
        .'oauth_timestamp="' .rawurlencode($timestamp) .'", '
        .'oauth_signature_method="' .rawurlencode($signatureMethod) .'", '
        .'oauth_version="' .rawurlencode($version) .'", '
        .'oauth_signature="' .rawurlencode($signature) .'"';

Header HMAC-SHA256 Example

    Authorization: OAuth oauth_token="030e6a121766126c6b445655477e7252517c395926f3430a", oauth_consumer_key="VutaTaro1ktGNXKD", oauth_nonce="fjaLirsIcCGVZWzBX0pg", oauth_timestamp="1508242306", oauth_signature_method="HMAC-SHA256", oauth_version="1.0", oauth_signature="Q6jMu61V%2BORdf6UeZ39ixFSu3rXO2dwwuCq8PlcWNqQ%3D"

Header HMAC-SHA1 Example

    Authorization: OAuth oauth_token="030e6a121766126c6b445655477e7252517c395926f3430a", oauth_consumer_key="VutaTaro1ktGNXKD", oauth_nonce="fjaLirsIcCGVZWzBX0pg", oauth_timestamp="1508242306", oauth_signature_method="HMAC-SHA1", oauth_version="1.0", oauth_signature="AAt58FZt8gxQZz9gtxSF%2FErFbcg%3D"

Header PLAINTEXT Example

    Authorization: OAuth oauth_consumer_key="VutaTaro1ktGNXKD", oauth_token="030e6a121766126c6b445655477e7252517c395926f3430a", oauth_nonce="fjaLirsIcCGVZWzBX0pg", oauth_timestamp="1508242306", oauth_signature_method="PLAINTEXT", oauth_version="1.0", oauth_signature="S3cr3t%2520P%2540ssw0rd%26"

Additional Shared Secret Requirements If Using PLAINTEXT

The shared secret must comply with the requirements specified in RFC 5849 (OAuth 1.0), sections 3.4.4, 3.5.1 and 3.6.

  • The shared secret must be percent-encoded. Percent-encoding uses hexadecimal numbers. (You may be more familiar with URL encoding, which is different from percent-encoding. In percent-encoding, the space character must be encoded as %20, not as the plus sign (+) that URL encoding uses. When double-encoded, the space character %20 becomes %2520.)

  • The OAuth signature must include the ampersand character (&) which is used as a delimiter (ASCII code 38 in decimal, but %26 after encoding) even if the token secret is not used in SuiteSignOn.

  • For SuiteSignOn, the format is: signature = rawurlencode( rawurlencode(shared secret) . '&' )

    For example, if you chose P@mpered15! as your shared secret, when encoded, the signature would be: "P%2540mpered15%2521%26"
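
The PLAINTEXT rules above as an added PHP example (not NetSuite's code), built from the sample values on this page. It assumes the header-building step supplies the outer rawurlencode of the formula, which is what reproduces the page's example values; the function names are hypothetical.

```php
<?php
// Added example, not NetSuite's code. Sample values are the ones on this page.

// RFC 5849 section 3.4.4 value: encoded shared secret, then '&', then the
// token secret, which SuiteSignOn leaves empty.
function plaintextSignature(string $sharedSecret): string
{
    return rawurlencode($sharedSecret) . '&';
}

// Percent-encode every value once while assembling the header. For PLAINTEXT
// this pass is the outer rawurlencode() of the page's formula.
function buildAuthorizationHeader(array $params): string
{
    $parts = [];
    foreach ($params as $name => $value) {
        $parts[] = $name . '="' . rawurlencode((string) $value) . '"';
    }
    return 'Authorization: OAuth ' . implode(', ', $parts);
}

$secret = 'S3cr3t P@ssw0rd'; // assumption: decoded form of the page's PLAINTEXT example
$header = buildAuthorizationHeader([
    'oauth_consumer_key'     => 'VutaTaro1ktGNXKD',
    'oauth_token'            => '030e6a121766126c6b445655477e7252517c395926f3430a',
    'oauth_nonce'            => 'fjaLirsIcCGVZWzBX0pg',
    'oauth_timestamp'        => '1508242306',
    'oauth_signature_method' => 'PLAINTEXT',
    'oauth_version'          => '1.0',
    'oauth_signature'        => plaintextSignature($secret),
]);
echo $header, PHP_EOL;

// The page's P@mpered15! example through the same two encoding passes.
$wire = rawurlencode(plaintextSignature('P@mpered15!'));
if ($wire !== 'P%2540mpered15%2521%26') {
    throw new RuntimeException("unexpected signature: $wire");
}

// Failure mode: urlencode() is form encoding, so the space becomes '+' and
// the header value differs from the one in the page's PLAINTEXT example.
echo rawurlencode(urlencode($secret) . '&'), PHP_EOL;

// PLAINTEXT is an encoding, not a signature: decode, drop the '&' delimiter,
// decode again, and the shared secret is back. RFC 5849 section 3.4.4
// therefore requires a TLS-protected channel for this method.
echo rawurldecode(substr(rawurldecode($wire), 0, -1)), PHP_EOL;
```

Passing an already double-encoded value as `$signature` to the header code would encode it a third time and no longer match the PLAINTEXT example header.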
