User login
Jamcracker Integration Toolkit (JIT) - FAQ
1. Will the future releases be backward compatible?
Backward compatibility is our primary concern when working on new releases. All future releases of JIT will be backward compatible. If, however, there is architectural change in the framework, we will let you know in advance so that you can make the required changes to your adapter.
2. What do I do with the data that I don't need?
You can ignore all data elements in the XML that you do not need.
3. My application does not have an entity called a company. What do I do?
Company is a commonly used term in JSDN. First, you should check if your application has any concept of "Customer", "Account". If so, this entity should be mapped to Company. If you do not have any such entity, you can focus only on user entity requests. Request for the company entity requests, if any, can be safely ignored.
4. Is the password in request XML encrypted?
No, the password in the XML is not encrypted, and is clear text and we expect the partner to be able to keep the passwords secure in their system. Hence we require that the XML be passed over SSL to protect the data.
5. Do I have to provide SSL Interface for a staging interface?
Yes. We require you to provide us SSL enabled staging interface.
6. How will Jamcracker provide values that are specific to my application? How do we handle Groups?
For example some applications have the concept of groups, in addition to company and users and different permission levels to view different information (i.e. sales has one view, executives have another view)
The Jamcracker platform provides an extendable schema, which allows us to define any number of new fields specific for your application. The data for these fields is captured before the request is sent out to your application for provisioning.
Permission levels, groups and user roles can be defined as extended attributes of user. This data can be captured during data collection process and passed along to the desired application.
7. My application uses email addresses as login names. How will Jamcracker handle this? Does JSDN keep emails unique?
A simple field mapping in the service configuration allows us to masquerade a field's value to be sent out by any name that is required for your application. In this case, the email address of the user will be sent to you as login name.
An email address in JSDN is always unique. Once the user registers using an email address, no one else can use it again.
8. How do end users access my application?
Every application is accessed from JSDN Service Management Console (SMC). When a user logs in to his/her SMC, they will see a Single Sign On (SSO) icon for every application that they've been provisioned to. The application is launched when the SSO icon for the application is clicked on.
9. How will users change password for my application?
When enabled, JSDN allows users to change their application specific passwords that are sent out as an "Update User" command in the request XML. You need to implement this command in your application interface to allow users to change their passwords in your application.
10. Do I need any DTD or XSD for your XML Request & Response?
Yes. If required, you can use the XSD to validate the Request XML from the Jamcracker platform. But more importantly, you will have to validate the Response using the XSD before sending it. If we receive a Response that does not confirm to the XSD, it will be considered as a failure response.
11. Our application creates the company and the first (main) user profile in one transaction. How does Jamcracker provide for such a scenario?
The "Create Company" command in the request XML will contain data for the first (main or admin) user profile. Use this information to create the company and the first user in your application. However, the password for the first user will not be a part of the "Create Company" command and will be sent for "Create User" command following the successful completion of the "Create Company" Command. You can update the password for the first user when you receive it in the "Create User" command.
12. What do I need to provide Jamcracker to certify my adapter?
- Staging setup of your application
- URL of the Web interface exposed on an SSL Connection
- Getting Started Guide (if any)
- Adapter JIT XML
<?xml version="1.0" encoding="UTF-8" ?>
<jcprovisionmessage>
<body>
<response>
<command name="create" type="user">
<entityresponse>
<faultcode>123456</faultcode>
<faultstring>Unable to create the user. Email address provided is invalid. Please provide a valid email address and try again</faultstring>
</entityresponse>
</command>
</response>
</body>
</jcprovisionmessage>
14. Ours not a pure web-based application and has a desktop client which our users will use to sign-in. How will the users know their password to use the desktop client?
As addressed in Question # 10, when enabled, users can change their password for an application to whatever the want. This facility, to change the password, will be enabled for your application so that users can change ther passwords and use it to login to your desktop client. A "Getting Started Guide" for your application will communicate this to the users.
15. Our website has a "Forgot password?" link. What if a user clicks on that and provides a valid username?
When a user clicks on "Forgot Password?" and provides a valid username, you need to check if this user is a JSDN user and NOT send the password to this user.
Instead, you can show the following message to the user.
"Our records indicate that you are an On-Demand Marketplace customer. Please login to your Service Management Console to manage the password for <your_application_name_here>."
Also, you can embed a link in your portal to take the user to Service Management Console for Reset Password type of functionality.
16. What is the name of the HTTP POST parameter, which holds the XML request coming from Jamcracker platform to me?
You can decide the name of the HTTP POST parameter to bind the request xml file. This is a simple configuration and our system can pass on the XML to you in via any parameter name.
17. Is JIT framework capable of supporting SOAP messages?
No. Currently, JIT framework does not support SOAP requests and responses. Only XML support is available today.
18. How can we make sure that the provisioning XML requests are coming from Jamcracker’s JIT framework and not from any non-secure source??
You will provide us with Authorization information in the form of "username" and "password". JIT framework will send this information as part of every XML request sent to your platform. You should check the XML and make sure it holds this Authorization data before proceeding to Create/Update/Delete records.
19. When does the User Account get activated?
The user will place an order using JSDN platform. This will trigger "Create User" command on your systems. Once "Create User" operation is successful, provisioning is completed. This is when the user account gets activated and becomes billable.
20. How do I handle various user roles supported by my application?
Jamcracker "Compan" and "User" entity schema is extendable. We can define as many custom fields as we want to match up your data model. If you have a "User Role" field in your system, which holds different values than what are supported by Jamcracker, we can create a custom field and define all possible allowed roles as the field attributes.
21. How does a password get assigned to the user account to access my application? Will you create and pass on a password to me in the XML request? Or do I have to generate my own password?
Jamcracker will auto-generate a service-password for the user account and send it to you. You need to extract this password from the request XML and assign it to the user in your application. Since the user will use Jamcracker Single-Sign-On (SSO) feature to login to your application, he/she need not know the password to login to your application.
22. What is the role of "Service" entity data?
Service entity holds the data that is global and does not change on a "per-company" or "per-user" basis. This data is applicable to all companies and users. For example – The Email server ip address for an email application will be constant irrespective of any company being created. In such case, this ip address will be defined as part of Service entity.
23. My application requires me to create one Administrator user along with the "Create Company" command. How can I achieve this?
- You will receive the first user information with the create company command.
- Use this information to create the user. Please note that you will not receive the password for this user with the create company command. Please use a random password for now.
- Send us back the response message.
- When the Jamcracker platform receives the success response message, it will send a request to provision the first user in your application. This user information will be identical to the one you received with the create company command, but this time it will also contain the password for the user.
- Extract this password and update the same in your application.
- Send us back the response message.
firstName = /jcprovisionmessage/body/request/command/entitydata[@entitytype='user']/datafield[name='firstName']/value
lastName = /jcprovisionmessage/body/request/command/entitydata[@entitytype='user']/datafield[name='lastName']/value
email = /jcprovisionmessage/body/request/command/entitydata[@entitytype='user']/datafield[name='email']/value
The service password field (XPATH provided below) will be available as part of the create user command.
password = /jcprovisionmessage/body/request/command/entitydata[@entitytype='user']/datafield[name='password']/value