Remote User Management (SSO) Service Details

Digital River only supports the full SSO implementation.

Full SSO

The Digital River single sign-on solution consists of the following APIs.

Session Timeout

The default timeout on a Digital River-hosted site is 60 minutes. You can customize this timeout value on a per-site basis.

Note:

Digital River does not notify clients on a session timeout.

Logout Button

When a user clicks a logout button, Digital River can redirect the user to a client-provided URL and pass a successful URL parameter. The client redirects the user to the URL value defined by the successful URL parameter to complete the logout operation. Digital River does not provide an XML-based logout API. 

Forgot Password

Digital River places a Forgot Password link on the website to a client-provided URL that allows a customer to change their password. Digital River does not support a Forgot Password API.

Client-owned SSO API

Digital River can integrate with a client-owned SSO API. This integration requires custom work.

Communication Failures

Reliable communication is necessary for successful operation of SSO APIs. The following list describes the default behavior when there are communication failures:

  • RemoteSessionValidation–Failure is transparent to the user. The user session is not authenticated
  • RemoteUserFetch–Failure is transparent to the user. The user profile is not updated.
  • RemoteLogin–User sees a error message. The error message typically prompts the user to retry the request.
  • RemoteCreateUser–User sees an error message. The error message typically prompts the user to retry the request.

Remote Login

The remote login process validates a login operation on Digital River-hosted store.

Passwords

All SSO communication occurs using an HTTPS endpoint. For added security, Digital River can encrypt a password using a pre-arranged symmetric key.

Custom Information

The extended attributes element under Remote Login Request/Response complex type allow you to pass custom information as a key/value pair. Passing custom information requires extra work.

Remote Login Flow Diagrams

Remote Login (My Account)

Remote Login (on Check Out)

Remote Login Request Example

<?xml version="1.0" encoding="UTF-8"?>
<ns1:LoginRequest xmlns:ns1="http://integration.digitalriver.com/RemoteUserManagement/1.0">
 <userKey xsi:type="ns2:UserKey" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns2="http://integration.digitalriver.com/Common/1.0">
  <userID xsi:type="xsd:string" xsi:nil="true" xmlns:xsd="http://www.w3.org/2001/XMLSchema"/>
  <externalReferenceID xsi:type="xsd:string" xsi:nil="true" xmlns:xsd="http://www.w3.org/2001/XMLSchema"/>
  <companyID xsi:type="xsd:string" xsi:nil="true" xmlns:xsd="http://www.w3.org/2001/XMLSchema"/>
  <loginID xsi:type="xsd:string" xmlns:xsd="http://www.w3.org/2001/XMLSchema">demo@digitalriver.com</loginID>
  <siteID xsi:type="xsd:string" xsi:nil="true" xmlns:xsd="http://www.w3.org/2001/XMLSchema"/>
 </userKey>
 <password xsi:type="xsd:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">123123</password>
 <extendedAttributes xsi:type="ns3:ExtendedAttributesInfoArray" xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns3="http://integration.digitalriver.com/Common/1.0"/>
</ns1:LoginRequest>

Unsuccessful Remote Login Response (xsi:type is optional) Example

<?xml version="1.0" encoding="UTF-8"?>
<ns1:LoginResponse xmlns:ns1="http://integration.digitalriver.com/RemoteUserManagement/1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns1:LoginResponse">
    <successful xsi:type="xsd:boolean">false</successful>
    <errorCode xsi:type="xsd:string">5</errorCode>
    <errorMessage xsi:type="xsd:string">Invalid login</errorMessage>
</ns1:LoginResponse>

Successful Remote Login Response (xsi:type is optional) Example

<?xml version="1.0" encoding="UTF-8"?>
<ns1:LoginResponse xmlns:ns1="http://integration.digitalriver.com/RemoteUserManagement/1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns1:LoginResponse">
    <successful xsi:type="xsd:boolean">true</successful>
    <ns2:userKey xmlns:ns2="http://integration.digitalriver.com/Common/1.0" xsi:type="ns2:UserKey">
        <loginID xsi:type="xsd:string">demo@digitalriver.com</loginID>
        <externalReferenceID xsi:type="xsd:string">D05B4D68-F49D-11DA-8019-88F835DA4C6C</externalReferenceID>
        <siteID xsi:type="xsd:string">headwtr</siteID>
    </ns2:userKey>
    <common:extendedAttributes xmlns:common="http://integration.digitalriver.com/Common/1.0" xsi:type="common:ExtendedAttributesInfoArray">
        <item xsi:type="common:ExtendedAttributesInfo">
            <name xsi:type="xsd:string">crmSession</name>
            <value xsi:type="xsd:string">F3CB68D6-1643-11DD-8402-E6326E64542C/8443</value>
            <valueDataType xsi:type="xsd:string">string</valueDataType>
        </item>
    </common:extendedAttributes>
</ns1:LoginResponse>

Remote User Fetch

Use Remote User Fetch to get additional user information. This call is available for those clients who want to provide separate APIs for fetching user information. This call allows Digital River to get the latest user profile information. A examples below depicts the typical usage for this call.

When a user clicks a link to update their profile information on a Digital River-hosted store, they are redirected to a client site to complete their profile updates. When the user has finished updating their profile, the client uses a redirect to return the user to Digital River-hosted page, where you can set up a real-time call to get the latest profile information. The Remote User Fetch allows both parties to have up-to-date user profile information.

Passwords

All SSO communication occurs using a HTTPS end point. For added security, Digital River can encrypt a password using a pre-arranged symmetric key.

Custom Information

The extended attributes element under Remote User Fetch Request/Response complex type allow you to pass custom information as a key/value pair. Passing custom information requires extra work.

Get User Profile Request Example

<?xml version="1.0" encoding="UTF-8"?>
<ns1:GetUserProfileRequest xmlns:ns1="http://integration.digitalriver.com/RemoteUserManagement/1.0">
 <userKey xsi:type="ns2:UserKey" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns2="http://integration.digitalriver.com/Common/1.0">
  <userID xsi:type="xsd:string" xsi:nil="true" xmlns:xsd="http://www.w3.org/2001/XMLSchema/>
  <externalReferenceID xsi:type="xsd:string" xmlns:xsd="http://www.w3.org/2001/XMLSchema">D05B4D68-F49D-11DA-8019-88F835DA4C6C</externalReferenceID>
  <companyID xsi:type="xsd:string" xmlns:xsd="http://www.w3.org/2001/XMLSchema">headwtr</companyID>
  <loginID xsi:type="xsd:string" xsi:nil="true" xmlns:xsd="http://www.w3.org/2001/XMLSchema" />
  <siteID xsi:type="xsd:string" xmlns:xsd="http://www.w3.org/2001/XMLSchema">headwtr</siteID>
 </userKey>
 <sessionToken xsi:type="xsd:string" xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"/>
 <extendedAttributes xsi:type="ns3:ExtendedAttributesInfoArray" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns3="http://integration.digitalriver.com/Common/1.0">
  <item xsi:type="ns3:ExtendedAttributesInfo">
   <name xsi:type="xsd:string" xmlns:xsd="http://www.w3.org/2001/XMLSchema">crmSession</name>
   <value xsi:type="xsd:string" xmlns:xsd="http://www.w3.org/2001/XMLSchema">F3CB68D6-1643-11DD-8402-E6326E64542C/8443</value>
   <valueDataType xsi:type="xsd:string" xsi:nil="true" xmlns:xsd="http://www.w3.org/2001/XMLSchema"/>
  </item>
 </extendedAttributes>
</ns1:GetUserProfileRequest>

Unsuccessful Get User Profile Response (xsi:type is optional) Example

<?xml version="1.0" encoding="UTF-8"?>
<ns1:GetUserProfileResponse xmlns:ns1="http://integration.digitalriver.com/RemoteUserManagement/1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns1:GetUserProfileResponse">
    <ns2:userInfo xmlns:ns2="http://integration.digitalriver.com/Common/1.0" xsi:nil="true" xsi:type="ns2:UserInfo" />
    <errorMessage xsi:type="xsd:string">User not active</errorMessage>
</ns1:GetUserProfileResponse>

Successful Get User Profile Response (xsi:type is optional) Example

<?xml version="1.0" encoding="UTF-8"?>
<ns1:GetUserProfileResponse xmlns:ns1="http://integration.digitalriver.com/RemoteUserManagement/1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns1:GetUserProfileResponse">
    <ns2:userInfo xmlns:ns2="http://integration.digitalriver.com/Common/1.0" xsi:type="ns2:UserInfo">
        <userKey xsi:type="ns2:UserKey">
            <loginID xsi:type="xsd:string">D05B4D68-F49D-11DA-8019-88F835DA4C6C</loginID>
            <externalReferenceID xsi:type="xsd:string">D05B4D68-F49D-11DA-8019-88F835DA4C6C</externalReferenceID>
            <siteID xsi:type="xsd:string">headwtr</siteID>
        </userKey>
        <firstName xsi:type="xsd:string">Amit å</firstName>
        <lastName xsi:type="xsd:string">Bartake ä</lastName>
        <email xsi:type="xsd:string">abartake@digitalriver.com</email>
        <homePhone xsi:type="xsd:string">9522538664</homePhone>
        <shippingAddress xsi:type="ns2:AddressInfo">
            <name1 xsi:type="xsd:string">Demo</name1>
            <name2 xsi:type="xsd:string">Tester</name2>
            <line1 xsi:type="xsd:string">1234 Test Avenue</line1>
            <line2 xsi:type="xsd:string"/>
            <line3 xsi:type="xsd:string"/>
            <city xsi:type="xsd:string">Eden Prairie</city>
            <country xsi:type="xsd:string">US</country>
            <countryName xsi:type="xsd:string">United States</countryName>
            <postalCode xsi:type="xsd:string">55344</postalCode>
            <email xsi:type="xsd:string">demo@digitalriver.com</email>
            <phoneNumber xsi:type="xsd:string">952-111-2222</phoneNumber>
        </shippingAddress>
        <billingAddress xsi:type="ns2:AddressInfo">
            <name1 xsi:type="xsd:string">Demo</name1>
            <name2 xsi:type="xsd:string">Tester</name2>
            <line1 xsi:type="xsd:string">1234 Test Avenue</line1>
            <line2 xsi:type="xsd:string"/>
            <line3 xsi:type="xsd:string"/>
            <city xsi:type="xsd:string">Eden Prairie</city>
            <country xsi:type="xsd:string">US</country>
            <countryName xsi:type="xsd:string">United States</countryName>
            <postalCode xsi:type="xsd:string">55344</postalCode>
            <email xsi:type="xsd:string">demo@digitalriver.com</email>
            <phoneNumber xsi:type="xsd:string">952-111-2222</phoneNumber>
        </billingAddress>
    </ns2:userInfo>
    <errorMessage xsi:type="xsd:string"></errorMessage>
    <common:extendedAttributes xmlns:common="http://integration.digitalriver.com/Common/1.0" xsi:type="common:ExtendedAttributesInfoArray">
        <item xsi:type="common:ExtendedAttributesInfo">
            <name xsi:type="xsd:string">hasAcceptedTermsNConditions</name>
            <value xsi:type="xsd:string">yes</value>
            <valueDataType xsi:type="xsd:string">string</valueDataType>
        </item>
    </common:extendedAttributes>
</ns1:GetUserProfileResponse>

Remote Session Validation

An important element of a seamless single sign-on process is validating a remotely authenticated user. Digital River initiates this process by searching the HTTP header for a predetermined cookie. This cookie is a remote session token that allows Digital River to contact the client and validate the user. Once Digital River validates the token and receives a corresponding authenticated user ID from the client, it instantiates an authenticated user session.

Session Token

A session token is an encrypted key that is passed either as a cookie, an HTTP URL parameter, or through some other means. Digital River reads the token and uses it to create Remote Session Validation call. You can pass multiple tokens as  extended attributes of the Validate Session Request.

Custom Information

The extended attributes element under Validate Session Request/Response complex type allow you to pass custom information as a key/value pair. Passing custom information requires extra work.

Remote Session Validation Request (single token) Example

demo@digitalriver.com D05B4D68-F49D-11DA-8019-88F835DA4C6C

Successful Remote Session Validation Response (xsi:type is optional) Example

true demo@digitalriver.com D05B4D68-F49D-11DA-8019-88F835DA4C6C headwtr crmSession F3CB68D6-1643-11DD-8402-E6326E64542C/8443 string

Remote User Create

In the case where a customer never signs on and creates a new account during the checkout process, Digital River will forward the customer information to the client and then create a local user for that customer.

Passwords

All SSO communication occurs using a HTTPS end point. For added security, Digital River can encrypt a password using a pre-arranged symmetric key.

Custom Information

The extended attributes element under Create User Profile Request/Response complex type allow you to pass custom information as a key/value pair. Passing custom information requires extra work.

Create User Profile Request Example

demo@digitalriver.com DR Demo demo@digitalriver.com en_US 95888914269 Minnetonka US United States 10380 Bren Road W DR Demo 9522251234 55343 MN demo@digitalriver.com DR 123123

Unsuccessful Create User Profile Response Example

false 5 Email already used

Successful Create User Profile Response Example

true D05B4D68-F49D-11DA-8019-88F835DA4C6C demo@digitalriver.com D05B4D68-F49D-11DA-8019-88F835DA4C6C crmSession F3CB68D6-1643-11DD-8402-E6326E64542C/8443 string