
SSO Token Validator Extension Point


Use the SSO token validator extension point to allow B2B Commerce to validate a token from an external identity provider. B2B Commerce will first try to validate the token with its built-in Identity Server, then fall back to the SSO token validator extension point if you have configured it.

For example, if you use both CMS and B2B Commerce, you can set up SSO in the CMS to point to an external identity provider. The external identity provider issues a token; if you configure this extension point to validate that token against the same identity provider, you can use the same token to communicate with B2B Commerce APIs.



To leverage this functionality, users must already exist in B2B Commerce, as this extension point will not automatically create users. If you use the connector for B2B Commerce and the Content Cloud CMS, however, you can create a user in the CMS and this triggers B2B Commerce to add this user automatically.

How to implement the SSO token validator extension point

Follow these steps:

  1. Implement the IInjectAuthenticationOptions interface
  2. Add an Authentication middleware configured to validate the external token

Example Implementation



This code is commented out in the InjectAuthenticationOptions.cs file.

```csharp
namespace Insite.IdentityServer.Startup
{
    using System.IdentityModel.Tokens;
    using System.Linq;
    using Insite.Core.Security;
    using Microsoft.IdentityModel.Protocols;
    using Microsoft.Owin.Security.Jwt;
    using Owin;

    public class InjectAuthenticationOptions : IInjectAuthenticationOptions
    {
        private const string CustomBearerAuthenticationType = "CustomBearer";

        public string[] AuthenticationTypes => new[] { CustomBearerAuthenticationType };

        public void InjectOption(IAppBuilder app)
        {
            // Placeholder: replace with your identity provider's metadata address.
            var openIdConnectConfiguration = new ConfigurationManager<OpenIdConnectConfiguration>(
                "<identity provider metadata address>").GetConfigurationAsync().Result;

            app.UseJwtBearerAuthentication(
                new JwtBearerAuthenticationOptions
                {
                    AuthenticationType = CustomBearerAuthenticationType,
                    TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidAudience = "https://andrey.insitesoftqa.com/identity",
                        ValidIssuer = "https://sts.windows.net/7de63854-34d6-46bb-b98d-855dd67ef1c5/",
                        // Pick the signing key whose id matches the token's key identifier.
                        IssuerSigningKeyResolver = (token, securityToken, kid, parameters) =>
                        {
                            var securityKeyId = kid.FirstOrDefault(
                                    o => o.ClauseType == "NamedKeySecurityKeyIdentifierClause")?.Id;
                            var securityKey = openIdConnectConfiguration.JsonWebKeySet
                                .GetSigningTokens()
                                .Where(o => o.Id == securityKeyId)
                                .SelectMany(o => o.SecurityKeys)
                                .FirstOrDefault();
                            return securityKey;
                        }
                    }
                });
        }
    }
}
```
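When an external token is rejected, it helps to compare its `kid`, `iss` and `aud` with what the example implementation expects. The stand-alone Python pre-check below is an added example, not Optimizely's code; it does not verify the signature, and `precheck`, `make_token`, the sample key set and the sample tokens are constructed for illustration.

```python
import base64
import json

# Values copied from the TokenValidationParameters in the example implementation.
VALID_AUDIENCE = "https://andrey.insitesoftqa.com/identity"
VALID_ISSUER = "https://sts.windows.net/7de63854-34d6-46bb-b98d-855dd67ef1c5/"

def _segment(seg):
    """Decode one base64url JWT segment (padding restored) into a JSON object."""
    obj = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def precheck(token, jwks, issuer=VALID_ISSUER, audience=VALID_AUDIENCE):
    """List mismatches between a token and the configured issuer, audience and keys.

    Diagnostic only: the signature is NOT verified, so an empty list is not proof
    that the token is valid.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-segment JWT"]
    try:
        header, claims = _segment(parts[0]), _segment(parts[1])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["header or payload is not base64url-encoded JSON"]
    problems = []
    kid = header.get("kid")
    if kid is None:
        problems.append("header has no kid, so no signing key can be selected")
    elif kid not in {k.get("kid") for k in jwks.get("keys", [])}:
        problems.append("kid %r is not in the provider's key set" % kid)
    if claims.get("iss") != issuer:  # exact match: a missing trailing slash fails
        problems.append("iss %r does not equal ValidIssuer" % claims.get("iss"))
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):  # string or list
        problems.append("aud %r does not contain ValidAudience" % (aud,))
    return problems

def make_token(header, claims, signature="c2ln"):
    """Build a constructed sample token; the signature is a dummy value."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc(header), enc(claims), signature])

# Constructed sample data, not real provider keys or tokens.
SAMPLE_JWKS = {"keys": [{"kid": "key-1", "kty": "RSA"}]}
GOOD = make_token({"alg": "RS256", "kid": "key-1"}, {"iss": VALID_ISSUER, "aud": VALID_AUDIENCE})
BAD = make_token({"alg": "RS256", "kid": "key-0"},
                 {"iss": VALID_ISSUER.rstrip("/"), "aud": ["https://other.example/"]})
```

Calling `precheck(BAD, SAMPLE_JWKS)` reports three mismatches: an unknown `kid`, an issuer missing its trailing slash, and the wrong audience.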