TouchNet Marketplace uStore LDAP Integration

Not Utilizing

LDAP integration is not allowed because of security concerns: the UCInetID credentials would pass through TouchNet.

  1. (I-Rong Lin) LDAP integration

    From: Jennifer Twyford [mailto:Jennifer.Twyford@touchnet.com]
    Sent: Thursday, July 30, 2015 8:43 AM
    To: I-Rong Lin; sfinsvcsdev@uci.edu; Mathew Lindley
    Subject: FW: LDAP Integration for TouchNet Market Place
     
     
    Hello I-Rong,
    I understand that you are interested in establishing a custom authentication w/ Marketplace uStores 
    with your LDAP and below is what we believe is entailed, but understand that this is in place at 
    only 1 other site and with this request will come a lot of discovery. We did not account for 
    this custom integration when developing the current scope and the assigned tech resource does 
    not have any availability to begin research or active work on how to create this custom 
    authentication. With that being said, if after reviewing the documentation you all would like 
    to schedule a custom authentication project, I will notify the Service Team MGR to review schedules.
     
    To provide a summary of what this authentication entails, please review starting on page 361 
    section 6.5 'About Private Stores'
    TouchNet Steps
    1. Install a separate LDAP Connection Module & configure to activate the request XSL 
       used for authenticating LDAP Users
    2. Update the transaction attributes file to include this new method
     
    Customer Steps
    1. Review the attached User Guide starting on page 361; it will advise your IT on how to 
       create an authentication method. (under System Administration/User Settings/ User Authentication)
    2. That user authentication will then be assigned to a user group 
       (under System Administration/User Settings/ User Groups).
    3. Once the user group is created and the authentication added to that group, OP center users 
       will be able to assign that group to a store (making it a private store only available for 
       that group or give a different set of payment methods for that group).
     
    Once the above steps are complete, you have a couple ways to authenticate a user
    1. Make the group available to registered users in the "My Membership" tab of the "My Account" 
       page for registered users. Registered users could then assign that group to their account and
       automatically get the benefits of that group when they log in to the mall/store.
    2. CUSTOMER can connect from their side and create a secure link on their page to pass on the 
       group ID, username and password when they direct them to the mall/store. We explain how to 
       link to the mall or store; examples of code to pass on the group ID and password are on page 369.
     
    Regards,
    Jennifer Twyford
  2. 20150825 Mathew Lindley: In the Marketplace Ops Center, here is an example list of user groups for use with TouchNet from a successfully set up LDAP integration and the steps required to activate the groups for use.
    1. User Authentication methods created at the Marketplace level.
      1. Work with TouchNet system administrator to create new LDAP connection, which will generate a new Transaction code value. 
      2. Use indicated values for other technical items.
    2. User groups are created at the Marketplace level.


      1. Sample groups from another school

      2. When creating, must check "Display to Buyers". Otherwise, products do not show up in store ... (sad)

    3. There are a few steps to turning a store private. I’ll use the Notre Dame Band Webstore as an example (without actually making it private):

      1. Step 1:  Go to the Store’s Single Store settings and make the store not viewable in the mall (you will also select Use Single Store Mode=Yes)
         

      2. Step 2: In the store’s Allowed Group settings, select only the User group you wish to employ and save:
         

      3. Step 3: Make sure your Group Payment Methods reflect the correct payment methods for your group (defaults to none selected!)
         

      4. Step 4: All private stores must link through the URL below to the login page (this is the URL for TEST). The highlighted portions change based on the Store ID (obtainable from the Marketplace Operations Center Home) and the Group ID (obtainable from System Administration > Settings > User Settings > User Groups > Edit Group, pictured below).
         

    4. Private Store Test URL: You will need to correct the highlighted fields (<STORE ID> and <GROUP ID>) for the link to succeed:
      https://test.secure.touchnet.net:8443/C21570test_ustores/rsbuyer?START_APP=true&JSP_TYPE=web&Navigate=store_main.jsp%3FSTOREID%3D<STORE ID>%26SINGLESTORE%3Dtrue&OnError=group_login.jsp%3FGROUP_ID=<GROUP ID>&AUTH_EXTERNAL_USER=ActionKey&GROUP_ID=<GROUP ID>

      Example with Store ID 12 and Group ID 4:
      https://test.secure.touchnet.net:8443/C21570test_ustores/rsbuyer?START_APP=true&JSP_TYPE=web&Navigate=store_main.jsp%3FSTOREID%3D12%26SINGLESTORE%3Dtrue&OnError=group_login.jsp%3FGROUP_ID=4&AUTH_EXTERNAL_USER=ActionKey&GROUP_ID=4

      <STORE ID>: Store ID of the Private Store
      <GROUP ID>: Desired Group ID

    5. Store authentication page

      <form action="https://test.secure.touchnet.net:8443/C21570test_ustores/rsbuyer" method="post" name="group_login_form" id="group_login_form">
        <input name="tapp-stoken" value="pksnvCVyLlo" type="hidden">
        <input id="Navigate" name="Navigate" value="store_main.jsp?STOREID=31&amp;SINGLESTORE=true" type="hidden">
        <input id="GROUP_LOGIN" name="GROUP_LOGIN" value="ActionKey" type="hidden">
        <input id="OnError" name="OnError" value="group_login.jsp?GROUP_ID=5" type="hidden">
        <input id="GROUP_ID" name="GROUP_ID" value="5" type="hidden">
        <input id="REDIRECT" name="REDIRECT" value="" type="hidden">
        <p>
          UCI Affiliates
        </p>
        
        <p>
          Please enter your UCInetID and password.
        </p>
        <p>
          <label for="USERNAME">UCInetID:</label>
          <input class="text" id="USERNAME" name="USERNAME" maxlength="20" value="" type="text">
        </p>
        <p>
          <label for="PASSWORD">Password:</label>
          <input class="password" id="PASSWORD" name="PASSWORD" maxlength="20" value="" autocomplete="off" type="password">
        </p>
                            
        <div class="input_buttons topBottomMargin">
          <a class="chk-submitbtn" href="javascript:handleLogin();">Login</a>
        </div><!--input_buttons topBottomMargin-->
      </form>

      The credentials go through the TouchNet systems.

    6. Registered Users have option to add group membership.
       
      1. If membership requires authentication, the user is prompted for login credentials.
         
      2. The credentials are saved in TouchNet. They are removed if the user removes the membership, the Marketplace profile/account is purged, or the account credentials have expired according to the LDAP configuration.

      3. If the private store is listed in the mall, the user can click into the store and see products.
      4. If given the direct URL to the private store, the user will need to provide credentials there.
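
A check for the private-store link format described in step 4 above, added here as an example (it is not TouchNet's code or part of the original notes). It decodes the nested Navigate value and flags placeholders left in place or group IDs that disagree; treating every parameter of the page's template as required is an assumption.

```python
from urllib.parse import parse_qs, urlsplit

# Example link copied from the page (TEST environment, store 12, group 4).
PAGE_EXAMPLE = (
    "https://test.secure.touchnet.net:8443/C21570test_ustores/rsbuyer"
    "?START_APP=true&JSP_TYPE=web"
    "&Navigate=store_main.jsp%3FSTOREID%3D12%26SINGLESTORE%3Dtrue"
    "&OnError=group_login.jsp%3FGROUP_ID=4"
    "&AUTH_EXTERNAL_USER=ActionKey&GROUP_ID=4"
)


def _first(params, key):
    """First value of a parsed query parameter, or '' when absent."""
    return params.get(key, [""])[0].strip()


def check_private_store_link(url):
    """Return (store_id, group_id, problems) for a private-store login link."""
    parts = urlsplit(url)
    outer = parse_qs(parts.query, keep_blank_values=True)
    problems = []
    if parts.scheme != "https":
        problems.append("link is not https")

    # Navigate carries a nested "page?query"; parse_qs already decoded %3F/%3D/%26.
    nav = parse_qs(urlsplit(_first(outer, "Navigate")).query)
    store_id = _first(nav, "STOREID")
    if not store_id.isdigit():
        problems.append("STOREID missing or not numeric")
    if _first(nav, "SINGLESTORE") != "true":
        problems.append("SINGLESTORE=true missing from Navigate")

    group_id = _first(outer, "GROUP_ID")
    if not group_id.isdigit():
        problems.append("GROUP_ID missing or not numeric")
    # Assumption: both GROUP_ID values must agree, as they do in the page's template.
    err_group = _first(parse_qs(urlsplit(_first(outer, "OnError")).query), "GROUP_ID")
    if err_group != group_id:
        problems.append("OnError GROUP_ID does not match GROUP_ID")
    # Assumption: required because the page's template always carries it.
    if _first(outer, "AUTH_EXTERNAL_USER") != "ActionKey":
        problems.append("AUTH_EXTERNAL_USER=ActionKey missing")
    return store_id, group_id, problems


if __name__ == "__main__":
    print(check_private_store_link(PAGE_EXAMPLE))
```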
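
The concern recorded at the top of this page, that UCInetID credentials pass through TouchNet, can be checked mechanically on any login page. The sketch below is an added example, not part of the original notes or TouchNet's code: it lists forms whose password field is submitted to a host outside an allow-list of campus sign-on hosts. The allow-list entry `login.example.edu` is a placeholder assumption, and the sample form is condensed from the one shown above.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: placeholder for the sign-on hosts the campus itself operates.
TRUSTED_LOGIN_HOSTS = {"login.example.edu"}
# Condensed from the store authentication form shown on this page.
PAGE_FORM = """
<form action="https://test.secure.touchnet.net:8443/C21570test_ustores/rsbuyer" method="post">
  <input id="USERNAME" name="USERNAME" maxlength="20" value="" type="text">
  <input id="PASSWORD" name="PASSWORD" maxlength="20" value="" type="password">
</form>"""


class FormCollector(HTMLParser):
    """Record each form's action, method and password field names."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "",
                          "method": (a.get("method") or "get").lower(), "fields": []}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None and (a.get("type") or "").lower() == "password":
            self._open["fields"].append(a.get("name") or "")

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def audit_login_forms(html, page_url, trusted_hosts=TRUSTED_LOGIN_HOSTS):
    """List forms whose password fields are submitted outside trusted_hosts."""
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for form in collector.forms:
        if not form["fields"]:
            continue  # no password input, nothing to check
        # A relative or empty action resolves against the page serving the form.
        target = urlsplit(urljoin(page_url, form["action"]))
        checks = [
            (target.hostname not in trusted_hosts, "password submitted to untrusted host"),
            (target.scheme != "https", "password sent without TLS"),
            (form["method"] != "post", "password placed in URL by GET"),
        ]
        issues = [msg for failed, msg in checks if failed]
        if issues:
            findings.append({"host": target.hostname, "fields": form["fields"], "issues": issues})
    return findings
```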