Panopto API 004: Authenticating with an identity provider

Return to the Panopto API index page

I’ll be honest, this process has taken 3 hours, whereas it should take 3 minutes. Either this will ease someone’s day or you’ll find this page on Google after 2 1/2 hours of keyboard bashing.

This code continues from the code sample on page 003

The official documentation for using an AuthCode is here: http://support.panopto.com/pages/PanoptoApiHelp/html/487185e4-b175-e09f-e2f5-1fcf6864fd62.htm

It says we need to construct

SHA1(UserKey + “@” + WebServerFQDN.ToLower() + “|” + applicationKey.ToLower())

So we need to do a few things.

Firstly we need to build a function that is going to create a SHA1 hash of these things. Paste the following code as a function at the bottom of the page. It needs to be after static void main() but before the } of class Program.

The /// lines at the top are what make the tool tips you see when you start writing the function name. Think of them as comments you see only when they are useful to you.

We make the function with CreateAuthCode() but it expects to be passed the things mentioned in the official documentation.

identityProviderInstanceName and identityProviderApplicationKey are found in the Panopto > System > Identity providers screen. You’ll need to make one if you don’t have Blackboard / Moodle / etc intergration already

Highlighted are the two fields needed to create an AuthKey

The string payload command joins everything back together. Note that if your username is api and your Instance name is blackboard then your username is blackboard\api. In C# the backslash character needs escaping.

.ToLower() makes sure that the variable is lower case. The identityProviderInstanceName and username should match the case written on the server.

The So the final line is

The rest of the function creates a SHA1 hash (credit to http://www.kindblad.com/2009/03/how-to-generate-sha-1-hash-of-string.html)

Now the function exists, we need to call it.

In static void Main() replace the existing code with the following

The first few lines are redundant, we made them in 001. Next we check the security we created in 003.

The next few lines we are going to define who we are. panoptoFqdn is the website as defined in Panopto > System > Settings > General site settings > Web server FQDN. This should be the same as the address in your address bar, but it doesn’t hurt to check. username is the name we’re going to log in with and the identity… variables were explained above.

Remember that the user above is BBPreProd\api which is different to the local api user we created in the earlier steps.

The next lines export the auth string (in case you want to compare it to an external service such as http://www.sha1-online.com/)

Next we create an AuthenticationInfo object (we’ve named it sessionAuthInfoSSO so it is unique)

To aid simplicity I haven’t included any code to check this login, but you can try it with any of the example code in later posts.

Return to the Panopto API index page

2 Comments

  1. Vincent Bodinier

    Do I need to do this if using Panopto’s internal identity provider?
    I would have thought that I could just provide the username and password to the AuthenticationInfo (like in your previous code sample on page 003) but I get an error “Unable to authenticate the user.”…

    Thanks Vincent

    12 months ago
  2. Graham

    No, to use the Panopto internal identity you use the code on 003 and have AuthCode left as null

    12 months ago

Leave a Reply

Your email address will not be published. Required fields are marked *