Hi guys,
I need to implement SSO in my ActiveCampaign accounts. I read all the docs and managed to get a login link via API, but when I click it, it gives me a ‘session expired’ error.
Tried to contact support, but they couldn’t figure out what was happening.
Does anyone have a solution to the problem?
Tried those docs:
Hello Marcelo,
The API response from the singlesignon endpoint should have a property called token on it. This is the value that you will pass along with the _ssot parameter for the single sign on link. The full link will look like this: https://your-account.api-us1.com/admin/main.php?_ssot=your-token. Just replace “your-account” with the account name, and “your-token” with the token value from the previous API call.
If this is how you are already building your link, then the issue is not likely related to the link itself. In that case we may need further information to troubleshoot, such as the sso_duration you are using.
Thank you,
-Matt
Thank you for your answer @mreibach but it did not solve the problem. The code provided in ActiveCampaign docs brings the URL with the token. And with the sso_duration = 30.
Any other thoughts about it?
Hi @marcelotavora28631,
Another possible reason that you can encounter the session expired error may be the sso_ipaddress. This is used to specify the IP address that the session is expected to originate from, and if the link is clicked from a different IP address you will see the session expired error.
If you are using the default IP address of 127.0.0.1 that is shown in the example, I would recommend changing that to use the public facing IP address that you will be connecting from. Hope this helps!
-Matt
Hi @mreibach, finally got it working!
Instead of using $_SERVER['REMOTE_ADDR'] as suggested in the Api Docs, I used the HTTP_X_FORWARDED_FOR and it worked like a charm.
We have experienced this issue before and we figured out that users who hit the SSO endpoint from our company VPN were successful, while others were not. We determined the issue was that our VPN was issuing an IPv4 address to the end user, while other users may have been using an IPv6 address … basically the IP address you pass to the API for AC to set up the login cookie/session needs to match what your browser will report it as when they click the sign-in link.
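An added example, not part of any post above and not ActiveCampaign's own code: one way to pick the value sent as sso_ipaddress when the app sits behind a reverse proxy, so that HTTP_X_FORWARDED_FOR is honoured only when REMOTE_ADDR is a known proxy and a client cannot bind the SSO token to an address of its choosing. The TRUSTED_PROXIES list, the function names and all addresses are assumptions made up for illustration, and the proxy is assumed to append the peer address to the header.

```php
<?php
// Hypothetical list of your own reverse proxies / load balancers.
const TRUSTED_PROXIES = ['10.0.0.5', '10.0.0.6'];

// Canonical text form; folds IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4.
function normalize_ip(string $ip): ?string
{
    $ip = trim($ip);
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    $bin = inet_pton($ip);
    if (strlen($bin) === 16 && substr($bin, 0, 12) === str_repeat("\0", 10) . "\xff\xff") {
        $bin = substr($bin, 12);
    }
    return inet_ntop($bin);
}

// Returns the address to pass as sso_ipaddress, or null if none can be trusted.
function client_ip_for_sso(array $server): ?string
{
    $peer = normalize_ip($server['REMOTE_ADDR'] ?? '');
    $xff  = trim($server['HTTP_X_FORWARDED_FOR'] ?? '');
    // Direct connection or no header: the header is client-controlled, ignore it.
    if ($peer === null || $xff === '' || !in_array($peer, TRUSTED_PROXIES, true)) {
        return $peer;
    }
    // Walk the chain right to left; the first hop that is not ours is the client.
    foreach (array_reverse(explode(',', $xff)) as $hop) {
        $ip = normalize_ip($hop);
        if ($ip === null) {
            return null; // malformed chain: do not issue a token for it
        }
        if (!in_array($ip, TRUSTED_PROXIES, true)) {
            return $ip;
        }
    }
    return $peer;
}

// Constructed requests: one through a trusted proxy with a spoofed leftmost
// entry, one direct connection that also sends a forged header.
$viaProxy = ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '198.51.100.9, 203.0.113.7'];
$direct   = ['REMOTE_ADDR' => '::ffff:203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '127.0.0.1'];
var_dump(client_ip_for_sso($viaProxy), client_ip_for_sso($direct));
```

This only determines the address the browser used to reach your server. A dual-stack client can still reach ActiveCampaign over a different address family, as the last post describes, and nothing on your side can detect that.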