Skip to content

Single Sign-On (SSO) Specification and Implementation Guide

  • Supported version: learningBOX 2.5.2 and later
  • Protocol: HTTPS
  • Domain: Your operational domain (e.g., lms.learningbox.online)
  • HTTP Method: GET, POST (POST is recommended for parameters other than action=sso)
  • Endpoint: https://{tenant-domain}/?action=sso

Overview

  • Purpose: Log in to learningBOX.
  • Endpoint: ?action=sso
  • Method: GET/POST (POST is recommended for parameters other than action, for security, URL length, and to prevent Referrer exposure)
  • Note: When multiple request parameters are specified, they are evaluated with AND logic.

Note: SSO is available only for the subdomain owner and users registered under that owner. Users belonging to other owners cannot log in.

Required Parameters

Parameter Description Example
login Login ID tatsuno-user1
sco_id Internal ID of the content (or folder). Specify 0 for login only 0
time Current time (Unix timestamp, in seconds) 1542088980
key Login authentication key (see below)

Details for login

Only half-width alphanumeric characters and the following symbols are allowed:

Symbol Name
! Exclamation mark
" Double quotation
# Hash / Number sign
$ Dollar sign
% Percent
& Ampersand
' Single quotation
( Left parenthesis
) Right parenthesis
* Asterisk
+ Plus
, Comma
- Hyphen
. Period
/ Slash
: Colon
; Semicolon
< Less-than sign
= Equals sign
> Greater-than sign
? Question mark
[ Left square bracket
] Right square bracket
^ Caret
_ Underscore
` Backtick

Note: @ (at sign) is not allowed.

Using any character other than the above will result in SSO Error 224.

Details for key

Generation formula: sha256(login + "/" + secret + "/" + sco_id + "/" + time)

PHP example: 

$key = hash('sha256', $login.'/'.$secret.'/'.$sco_id.'/'.$time);

Optional Parameters

Account Settings

Parameter Description
add_account Account creation setting
email Email address
name Full name
nickname Display name
status Account status

Details for add_account

Value Behavior
0 If the account does not exist, return error code 200. If it exists, log in as-is.
1 If the account does not exist, create it and log in. If it exists, log in as-is.

Details for email / name / nickname

These parameters share the following common behavior: - If not passed: no update - If passed: update if the account exists; register with this value if it does not

Prohibited characters: - name: \ (SSO Error 225) - nickname: \ (SSO Error 226)

Details for status

Value Meaning
0 Inactive
7 Active
  • On first creation: if no value is passed, the account is registered as 7 (Active)
  • For existing accounts: passing 0 will not change a 7 (Active) account

Group Management

Parameter Description
add_group Add to group by internal group ID (group_id)
add_group_code Add to group by group code (group_code)
release_group Remove from group by internal group ID (group_id)
release_group_code Remove from group by group code (group_code)

Common Specifications

  • Use comma-separated values for multiple entries (e.g., 22,23,24)
  • If add_group_code is specified, add_group is ignored
  • If release_group_code is specified, release_group is ignored
  • Groups you cannot join: different owner ID, or product group

Permission Management

Parameter Description Format
permission_score Grade management permission (internal ID) groupId:contentId:permission
permission_score_code Grade management permission (code) groupCode:contentCode:permission
permission_group User management permission (internal ID) groupId:permission
permission_group_code User management permission (code) groupCode:permission
permission_contents Content management permission (internal ID) contentId:permission
permission_contents_code Content management permission (code) contentCode:permission
permission_assign Content assignment management permission (internal ID) groupId:contentId:permission
permission_assign_code Content assignment management permission (code) groupCode:contentCode:permission

Permission Types

Permission Type Available Permission Values
Grade management none, edit, view, scoring, approve_scoring
User management none, edit, view
Content management none, edit, view
Content assignment management none, edit

Revoking Permissions

To revoke grade management permissions, use: edit_none, view_none, scoring_none, approve_scoring_none

Setting All Permissions

  • Grade management: -1:-1:edit grants management permission for all grades
  • User management: -1:edit allows editing all groups
  • Content management: -1:edit allows editing content in all folders
  • Content assignment management: -1:-1:edit grants management permission for all groups and content

Priority

If a code-based parameter (*_code) is specified, the corresponding internal-ID parameter is ignored.

Examples

permission_score=23:5444:edit,23:5446:view
permission_score_code=1kumi:sansuu:edit,1kumi:kokugo:edit
permission_group=23:edit,24:view
permission_group_code=1kumi:edit,2kumi:edit
permission_contents=5444:edit,5446:view
permission_contents_code=sansuu:edit,kokugo:view
permission_assign=23:5444:edit,23:5446:edit
permission_assign_code=1kumi:sansuu:edit,1kumi:kokugo:edit

Expiration

Parameter Description
expiration_date Account expiration date (format: YYYY-MM-DD)
expiration_from_creation Number of days until expiration from account creation date
expiration_from_login Number of days until expiration from login date

Priority

  1. If expiration_date is set, other parameters are ignored
  2. If expiration_from_creation is set, expiration_from_login is ignored
  3. expiration_from_login is only effective when neither of the above is set

Examples

expiration_date=2022-02-02
expiration_from_creation=30
expiration_from_login=7

Products & Billing

Parameter Description
add_product Internal ID of the product to auto-purchase
add_product_key Product key of the product to auto-purchase
subscription Account billing flag

Details for add_product

  • Format: productCode:quantityUnit (e.g., P0001:1D,P0002:2W,P0003:3M,P0004:4Y)
  • Only valid when the EC feature is in use and the payment method "Free payment" is enabled
  • Products already purchased will not be purchased again
Unit Meaning Range
D Days 1–90 days
W Weeks 1–52 weeks
M Months 1–24 months
Y Years 1–5 years

Details for add_product_key

  • Required when add_product is specified
  • Generation formula: sha256(add_product + "/" + secret)

Details for subscription

Value Meaning
required Charge billing
none Remove the billing flag for users without a plan contract

Redirect Destination

Parameter Description
sco_code Content code. Content code of the folder/content to navigate to after login. Only valid when sco_id=0
url Redirect destination URL
scene_code Scene code

Details for sco_code

  • Only valid when sco_id=0
  • Leave unspecified if you only want to log in
  • Example: QUIZ001

Details for url

  • If specified, navigates to that URL
  • Takes priority over sco_id and sco_code

Details for scene_code

  • Specify the scene code of the scene to display after login
  • SSO Error 124 if a non-existent scene code is specified

User Attributes

Parameter Description
lms_country Country of residence (specify in English)
lms_language Language (specify as locale code)
lms_timezone Timezone (specify as IANA timezone identifier)

Details for lms_country

Specify the country name in English (e.g., Japan, UnitedStatesOfAmerica).

Full list of countries (click to expand)
ValueCountry
JapanJapan
AfghanistanAfghanistan
AlbaniaAlbania
AlgeriaAlgeria
AndorraAndorra
AngolaAngola
AntiguaAndBarbudaAntigua and Barbuda
ArgentinaArgentina
ArmeniaArmenia
AustraliaAustralia
AustriaAustria
AzerbaijanAzerbaijan
BahamasBahamas
BahrainBahrain
BangladeshBangladesh
BarbadosBarbados
BelarusBelarus
BelgiumBelgium
BelizeBelize
BeninBenin
BhutanBhutan
BoliviaBolivia
BosniaAndHerzegovinaBosnia and Herzegovina
BotswanaBotswana
BrazilBrazil
BruneiDarussalamBrunei Darussalam
BulgariaBulgaria
BurkinaFasoBurkina Faso
BurundiBurundi
CaboVerdeCabo Verde
CambodiaCambodia
CameroonCameroon
CanadaCanada
CentralAfricanRepublicCentral African Republic
ChadChad
ChileChile
ChinaChina
ColombiaColombia
ComorosComoros
CongoCongo
CostaRicaCosta Rica
CoteD'IvoireCôte d'Ivoire
CroatiaCroatia
CubaCuba
CyprusCyprus
CzechRepublicCzech Republic
DemocraticPeople'sRepublicOfKoreaDemocratic People's Republic of Korea
DemocraticRepublicOfTheCongoDemocratic Republic of the Congo
DenmarkDenmark
DjiboutiDjibouti
DominicaDominica
DominicanRepublicDominican Republic
EcuadorEcuador
EgyptEgypt
ElSalvadorEl Salvador
EquatorialGuineaEquatorial Guinea
EritreaEritrea
EstoniaEstonia
EswatiniEswatini
EthiopiaEthiopia
FijiFiji
FinlandFinland
FranceFrance
GabonGabon
GambiaGambia
GeorgiaGeorgia
GermanyGermany
GhanaGhana
GreeceGreece
GrenadaGrenada
GuatemalaGuatemala
GuineaGuinea
GuineaBissauGuinea-Bissau
GuyanaGuyana
HaitiHaiti
HondurasHonduras
HungaryHungary
IcelandIceland
IndiaIndia
IndonesiaIndonesia
IranIran (Islamic Republic of)
IraqIraq
IrelandIreland
IsraelIsrael
ItalyItaly
JamaicaJamaica
JordanJordan
KazakhstanKazakhstan
KenyaKenya
KiribatiKiribati
KuwaitKuwait
KyrgyzstanKyrgyzstan
LaoPeople'sDemocraticRepublicLao People's Democratic Republic
LatviaLatvia
LebanonLebanon
LesothoLesotho
LiberiaLiberia
LibyaLibya
LiechtensteinLiechtenstein
LithuaniaLithuania
LuxembourgLuxembourg
MadagascarMadagascar
MalawiMalawi
MalaysiaMalaysia
MaldivesMaldives
MaliMali
MaltaMalta
MarshallIslandsMarshall Islands
MauritaniaMauritania
MauritiusMauritius
MexicoMexico
MicronesiaMicronesia (Federated States of)
MonacoMonaco
MongoliaMongolia
MontenegroMontenegro
MoroccoMorocco
MozambiqueMozambique
MyanmarMyanmar
NamibiaNamibia
NauruNauru
NepalNepal
NetherlandsNetherlands
NewZealandNew Zealand
NicaraguaNicaragua
NigerNiger
NigeriaNigeria
NorthMacedoniaNorth Macedonia
NorwayNorway
OmanOman
PakistanPakistan
PalauPalau
PanamaPanama
PapuaNewGuineaPapua New Guinea
ParaguayParaguay
PeruPeru
PhilippinesPhilippines
PolandPoland
PortugalPortugal
QatarQatar
RepublicOfKoreaRepublic of Korea
RepublicOfMoldovaRepublic of Moldova
RomaniaRomania
RussianFederationRussian Federation
RwandaRwanda
SaintKittsAndNevisSaint Kitts and Nevis
SaintLuciaSaint Lucia
SaintVincentAndTheGrenadinesSaint Vincent and the Grenadines
SamoaSamoa
SanMarinoSan Marino
SaoTomeAndPrincipeSao Tome and Principe
SaudiArabiaSaudi Arabia
SenegalSenegal
SerbiaSerbia
SeychellesSeychelles
SierraLeoneSierra Leone
SingaporeSingapore
SlovakiaSlovakia
SloveniaSlovenia
SolomonIslandsSolomon Islands
SomaliaSomalia
SouthAfricaSouth Africa
SouthSudanSouth Sudan
SpainSpain
SriLankaSri Lanka
SudanSudan
SurinameSuriname
SwedenSweden
SwitzerlandSwitzerland
SyrianArabRepublicSyrian Arab Republic
TajikistanTajikistan
ThailandThailand
Timor-LesteTimor-Leste
TogoTogo
TongaTonga
TrinidadAndTobagoTrinidad and Tobago
TunisiaTunisia
TurkeyTurkey
TurkmenistanTurkmenistan
TuvaluTuvalu
UgandaUganda
UkraineUkraine
UnitedArabEmiratesUnited Arab Emirates
UnitedKingdomOfGreatBritainAndNorthernIrelandUnited Kingdom of Great Britain and Northern Ireland
UnitedRepublicOfTanzaniaUnited Republic of Tanzania
UnitedStatesOfAmericaUnited States of America
UruguayUruguay
UzbekistanUzbekistan
VanuatuVanuatu
VenezuelaVenezuela
VietNamViet Nam
YemenYemen
ZambiaZambia
ZimbabweZimbabwe

Details for lms_language

Specify as a locale code.

Value Language
ja_JP Japanese
en_US English
vi_VN Vietnamese
id_ID Indonesian
de_DE German
es_ES Spanish
fr_FR French
my_MM Burmese
pt_PT Portuguese
tl_PH Tagalog
ru_RU Russian
ur_PK Urdu
hi_IN Hindi
th_TH Thai
km_KH Khmer
zh_CN Chinese (Simplified)
zh_TW Chinese (Traditional)
ko_KR Korean

Details for lms_timezone

Specify as an IANA timezone identifier.

Value Timezone
Asia/Tokyo Japan Standard Time (UTC+09:00)
Europe/Budapest Central Europe Standard Time (UTC+01:00)
Africa/Lagos W. Central Africa Standard Time (UTC+01:00)
Europe/Amsterdam W. Europe Standard Time (UTC+01:00)
Europe/Paris Romance Standard Time (UTC+01:00)
Africa/Windhoek Namibia Standard Time (UTC+01:00)
Africa/Harare South Africa Standard Time (UTC+02:00)
Europe/Helsinki FLE Standard Time (UTC+02:00)
Europe/Sofia E. Europe Standard Time (UTC+02:00)
Africa/Cairo Egypt Standard Time (UTC+02:00)
Europe/Bucharest GTB Standard Time (UTC+02:00)
Asia/Jerusalem Israel Standard Time (UTC+02:00)
Asia/Amman Jordan Standard Time (UTC+02:00)
Asia/Beirut Middle East Standard Time (UTC+02:00)
Asia/Damascus Syria Standard Time (UTC+02:00)
Europe/Istanbul Turkey Standard Time (UTC+02:00)
Asia/Kuwait Arab Standard Time (UTC+03:00)
Europe/Minsk Belarus Standard Time (UTC+03:00)
Africa/Nairobi E. Africa Standard Time (UTC+03:00)
Asia/Baghdad Arabic Standard Time (UTC+03:00)
Europe/Moscow Russia Standard Time (UTC+03:00)
Asia/Tehran Iran Standard Time (UTC+03:30)
Asia/Yerevan Caucasus Standard Time (UTC+04:00)
Asia/Baku Azerbaijan Standard Time (UTC+04:00)
Asia/Tbilisi Arabian Standard Time (UTC+04:00)
Asia/Kabul Afghanistan Standard Time (UTC+04:30)
Asia/Ashgabat West Asia Standard Time (UTC+05:00)
Asia/Karachi Pakistan Standard Time (UTC+05:00)
Asia/Kolkata India Standard Time (UTC+05:30)
Asia/Colombo Sri Lanka Standard Time (UTC+05:30)
Asia/Kathmandu Nepal Standard Time (UTC+05:45)
Asia/Dhaka Central Asia Standard Time (UTC+06:00)
Asia/Yangon Myanmar Standard Time (UTC+06:30)
Asia/Bangkok SE Asia Standard Time (UTC+07:00)
Asia/Singapore Singapore Standard Time (UTC+08:00)
Asia/Taipei Taipei Standard Time (UTC+08:00)
Asia/Hong_Kong Hong Kong Standard Time (UTC+08:00)
Asia/Shanghai China Standard Time (UTC+08:00)
Asia/Macau Macau Standard Time (UTC+08:00)
Asia/Ulaanbaatar Ulaanbaatar Standard Time (UTC+08:00)
Asia/Seoul Korea Standard Time (UTC+09:00)
Australia/Melbourne AUS Eastern Standard Time (UTC+10:00)
Pacific/Guam West Pacific Standard Time (UTC+10:00)
Pacific/Noumea Central Pacific Standard Time (UTC+11:00)
Pacific/Auckland New Zealand Standard Time (UTC+12:00)
Pacific/Apia Samoa Standard Time (UTC+13:00)
America/Argentina/Buenos_Aires Argentina Standard Time (UTC-03:00)
America/Sao_Paulo E. South America Standard Time (UTC-03:00)
America/Santiago Pacific South America Standard Time (UTC-03:00)
America/Cayenne SA Eastern Standard Time (UTC-03:00)
America/Montevideo Montevideo Standard Time (UTC-03:00)
America/Manaus SA Western Standard Time (UTC-04:00)
America/Asuncion Paraguay Standard Time (UTC-04:00)
America/Bogota SA Pacific Standard Time (UTC-05:00)
America/Mexico_City Central Standard Time (Mexico) (UTC-06:00)
America/Phoenix US Mountain Standard Time (UTC-07:00)
America/Vancouver Pacific Standard Time (UTC-08:00)
Pacific/Honolulu Hawaiian Standard Time (UTC-10:00)
UTC Greenwich Mean Time (UTC)

Custom Fields

Parameter Description
{custom_field_key} Specify the custom field key name as the parameter name

Usage

Use the custom field key name directly as the parameter name.

Prohibited character: \ (SSO Error 227)

Constraints by Input Type

Input Type Constraint
Text Up to 50 characters
Text area Up to 1000 characters
Radio button / Dropdown / Checkbox Pass the string set as the value
Date Y-m-d format (e.g., 2022-01-17) or j-F-Y format (e.g., 17-January-2022)

Response

Success (302 Found)

On successful authentication, redirects with HTTP 302 Found.

Condition Redirect destination
sco_id=0 My page /sys/index.php
sco_id=folder Learning screen /sys/index.php?action=courseAll&current-folder={sco_id}
sco_id=content Study screen (e.g., /sys/index.php?action=quizPlayer&options=...)
url specified Specified destination (e.g., /sys/?action=courseAll)
Missing parameters Top page /index.php

Error Responses

Server Error (5xx)

HTTP Status Description
500 Internal Server Error Server-side error such as DB error

Client Error (4xx)

When a parameter error occurs, an error page is displayed.

Parameter errors when logging into an existing account
Code Error Name Description
001 SSO Error 001 Login user does not exist
002 SSO Error 002 time exceeds 15 hours
003 SSO Error 003 Invalid key
004 SSO Error 004 Account limit exceeded
005 SSO Error 005 Key already used
007 SSO Error 007 Referrer mismatch
008 SSO Error 008 Custom SSO not configured
009 SSO Error 009 Group restriction error
101 SSO Error 101 Email is empty
102 SSO Error 102 Invalid email format
103 SSO Error 103 Duplicate email
104 SSO Error 104 Name is empty
105 SSO Error 105 Name exceeds limit (up to 50 characters)
106 SSO Error 106 Display name consists of whitespace only
107 SSO Error 107 Display name length violation (3–50 characters)
109 SSO Error 109 Invalid group_id specified
110 SSO Error 110 Invalid status specified
111 SSO Error 111 Account registration limit reached for the specified group or its parent group
112 SSO Error 112 permission_score_code or permission_score: column count mismatch when split by /
113 SSO Error 113 permission_score_code or permission_score: invalid mode value
114 SSO Error 114 permission_score_code or permission_score: group specification error
115 SSO Error 115 permission_score_code or permission_score: content specification error
116 SSO Error 116 permission_group_code or permission_group: column count mismatch when split by /
117 SSO Error 117 permission_group_code or permission_group: invalid mode value
118 SSO Error 118 permission_group_code or permission_group: group specification error
119 SSO Error 119 permission_contents_code or permission_contents: column count mismatch when split by /
120 SSO Error 120 permission_contents_code or permission_contents: invalid mode value
121 SSO Error 121 permission_contents_code or permission_contents: content specification error
122 SSO Error 122 Name contains prohibited character \
123 SSO Error 123 Display name contains prohibited character \
124 SSO Error 124 Non-existent scene_code specified
125 SSO Error 125 Email exceeds 256 characters
126 SSO Error 126 Email domain check error
127 SSO Error 127 Attempted to change the status of a merged source user to something other than inactive
Parameter errors when registering an account
Code Error Name Description
203 SSO Error 203 Email is empty
204 SSO Error 204 Invalid email format
205 SSO Error 205 Duplicate email
206 SSO Error 206 Name is empty
207 SSO Error 207 Name exceeds limit (up to 50 characters)
208 SSO Error 208 Display name consists of whitespace only
209 SSO Error 209 Display name length violation (3–50 characters)
211 SSO Error 211 Invalid group_id specified
212 SSO Error 212 Invalid status specified
213 SSO Error 213 Account registration limit reached for the specified group or its parent group
214 SSO Error 214 permission_score_code or permission_score: column count mismatch when split by /
215 SSO Error 215 permission_score_code or permission_score: invalid mode value
216 SSO Error 216 permission_score_code or permission_score: group specification error
217 SSO Error 217 permission_score_code or permission_score: content specification error
218 SSO Error 218 permission_group_code or permission_group: column count mismatch when split by /
219 SSO Error 219 permission_group_code or permission_group: invalid mode value
220 SSO Error 220 permission_group_code or permission_group: group specification error
221 SSO Error 221 permission_contents_code or permission_contents: column count mismatch when split by /
222 SSO Error 222 permission_contents_code or permission_contents: invalid mode value
223 SSO Error 223 permission_contents_code or permission_contents: content specification error
224 SSO Error 224 Login ID contains prohibited characters
225 SSO Error 225 Name contains prohibited character \
226 SSO Error 226 Display name contains prohibited character \
227 SSO Error 227 Custom field (text / text area) contains prohibited character \
228 SSO Error 228 permission_assign_code or permission_assign: column count mismatch when split by /
229 SSO Error 229 permission_assign_code or permission_assign: invalid mode value
230 SSO Error 230 permission_assign_code or permission_assign: group specification error
231 SSO Error 231 permission_assign_code or permission_assign: content specification error
232 SSO Error 232 Login ID length violation (5–50 characters)
233 SSO Error 233 Email exceeds 256 characters
234 SSO Error 234 Email domain check error
235 SSO Error 235 Attempted to use a disallowed login ID
Other Errors
Code Error Name Description
999 SSO Error 999 Password linkage, etc.

Implementation Examples

The following are reference implementation code examples based on this specification. Adjust as needed for your environment.

Generating a GET URL (PHP)

<?php
declare(strict_types=1);

$endpoint = 'https://{tenant-domain}/'; // Keep trailing slash
$login    = 'user-123';
$sco_id   = 0;            // 0 for login only
$time     = time();
$secret   = 'YOUR_SHARED_SECRET';

$key = hash('sha256', $login . '/' . $secret . '/' . $sco_id . '/' . $time);

// Group IDs selected by checkbox (example: array obtained from UI)
$selected_groups = [22, 23, 24]; // multiple selected
// $selected_groups = [22];       // only one selected

$params = [
  'action'    => 'sso',
  'login'     => $login,
  'sco_id'    => $sco_id,
  'time'      => $time,
  'key'       => $key,
  // Multiple: convert to comma-separated string before passing
  'add_group' => implode(',', $selected_groups),
  // Single: pass as string directly (same result, but intent is explicit)
  // 'add_group' => '22',
  // 'sco_code' => 'QUIZ001', // only valid when sco_id=0
  // 'url'      => '/sys/?action=courseAll', // optional
];

$query = http_build_query($params, '', '&', PHP_QUERY_RFC3986);
header('Location: ' . $endpoint . '?' . $query);
exit;

Submitting a POST Form (PHP cURL)

<?php
declare(strict_types=1);

$endpoint = 'https://{tenant-domain}/';
$login  = 'user1';
$sco_id = 0;
$time   = time();
$secret = 'YOUR_SHARED_SECRET';

$key = hash('sha256', $login . '/' . $secret . '/' . $sco_id . '/' . $time);

// Group IDs selected by checkbox (example: array obtained from UI)
$selected_groups = [22, 23, 24]; // multiple selected
// $selected_groups = [22];       // only one selected

$post = [
  'action'    => 'sso',
  'login'     => $login,
  'sco_id'    => $sco_id,
  'time'      => $time,
  'key'       => $key,
  // To pass multiple checkbox values: convert to comma-separated string
  'add_group' => implode(',', $selected_groups),
  // To pass a single checkbox value: pass as string directly (same result, but intent is explicit)
  // 'add_group' => '22',
];

$ch = curl_init($endpoint);
curl_setopt_array($ch, [
  CURLOPT_POST           => true,
  CURLOPT_POSTFIELDS     => http_build_query($post, '', '&', PHP_QUERY_RFC3986),
  CURLOPT_HEADER         => true,
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_FOLLOWLOCATION => false,
]);
$res  = curl_exec($ch);
$info = curl_getinfo($ch);
curl_close($ch);

echo "HTTP Status: {$info['http_code']}\n";
if (preg_match('/^Location:\s*(.+)$/mi', $res, $m)) {
  echo "Redirect To: " . trim($m[1]) . "\n";
}

POST (HTML Form Example)

Example for passing a single checkbox value: Specify the value directly in a hidden field.

<form method="post" action="https://{tenant-domain}/">
  <input type="hidden" name="action" value="sso" />
  <input type="hidden" name="login" value="user1" />
  <input type="hidden" name="sco_id" value="0" />
  <input type="hidden" name="time" value="1657896543" />
  <input type="hidden" name="key" value="e3b0c4..." />
  <input type="hidden" name="add_group" value="22" />
  <button type="submit">Log in with SSO</button>
</form>

Example for passing multiple checkbox values: Use JavaScript to convert the checked values into a comma-separated string, write it to a hidden field, and then submit. Note that the SSO endpoint expects the format add_group=22,23,24, so passing as a name[] array directly will not work.

<form id="sso-form" method="post" action="https://{tenant-domain}/">
  <input type="hidden" name="action" value="sso" />
  <input type="hidden" name="login" value="user1" />
  <input type="hidden" name="sco_id" value="0" />
  <input type="hidden" name="time" value="1657896543" />
  <input type="hidden" name="key" value="e3b0c4..." />

  <!-- Checkboxes (no name attribute — values are aggregated into a hidden field) -->
  <label><input type="checkbox" class="js-group" value="22" /> Group A</label>
  <label><input type="checkbox" class="js-group" value="23" /> Group B</label>
  <label><input type="checkbox" class="js-group" value="24" /> Group C</label>

  <!-- Hidden field that receives checked values as a comma-separated string -->
  <input type="hidden" name="add_group" id="add_group_hidden" />

  <button type="submit">Log in with SSO</button>
</form>
<script>
document.getElementById('sso-form').addEventListener('submit', function () {
  const checked = Array.from(document.querySelectorAll('.js-group:checked'))
    .map(cb => cb.value);
  document.getElementById('add_group_hidden').value = checked.join(',');
});
</script>

Notes

  • When generating the signature key, concatenate login/secret/sco_id/time directly with slashes — do not include any extra spaces
  • GET requests are more easily exposed in URLs and logs, so POST is recommended