Gateway Configuration


Note: The following gateway configuration documentation is intended as a guide for a web developer building the encryption parameters (and methods) to submit to ICE for single sign-on.
ICE Gateway Configuration can be used to allow single sign-on from another website to ICE when that website is on a different domain than ICE.
The gateway endpoint URL is http://ICEURL/Public/Gateway
The website the user is coming from should provide the following information to the gateway endpoint:

  1. Encrypted data containing iMIS ID and time stamp information
  2. Initialization vector value

Recommended Procedure:

  1. Create data to be passed to gateway
    • This should be a key value pair listing similar to a query string.
    • The parameter names would be:
      1. ID = iMIS ID of the member to be authenticated
      2. Timestamp = UTC time in number of ticks representing current time
    • Example: ID=349053&Timestamp=635832924950211827
  2. Encrypt the above data string using the information in the configuration area within ICE admin:
    • Encryption method – example = Aes
    • Shared Secret Key – example = 6801377559D9495CA5D67AC321ED44F5 (must be a hexadecimal string according to the encryption method requirements)
    • Cipher Mode – example = CBC
    • Padding Mode – example = Zeros
    • Initialization Vector – recommend generating a random value
  3. Set the Token Expiration Period
    • For example: 30 seconds – meaning the token is valid for only 30 seconds from the time it was generated, based on the Timestamp field in the token. Note: a value of 0 (zero) means no expiration!
  4. Send the encrypted data and the initialization vector that was used, each under the URL parameter name configured for it on the gateway:
    • Token Query String Key for encrypted data (should be a base 64 string)
    • Initialization Vector Query String Key for initialization vector (should be a base 64 string)
    • Example:
      • Token Query String Key = t
      • Initialization Vector Query String Key = d
      • Resulting URL: http://website.org/ICE/Public/Gateway?t=K8FOu9yLazlniqowsYNYDv9sIhBBcGx90pcYmv7qJUXL3XBzfTmn741PmvcV9l9W&d=O0Ht3nOaLbVPrax%2bK9LaBg%3d%3d
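
The procedure above, written out for a referring site running Node.js, as an added example that is not ICE's own code. It assumes the Aes / CBC / Zeros settings and the t and d key names from the examples, that the shared secret is hex-decoded into the raw key bytes (the Secret Key reference describes UTF-8 bytes instead, so confirm which your ICE instance expects), and that Timestamp counts 100-nanosecond ticks since 0001-01-01 UTC; all function names are hypothetical.

```javascript
const crypto = require('node:crypto');

// Assumption: Timestamp uses 100 ns ticks since 0001-01-01 UTC.
// This constant is the tick count at the Unix epoch (1970-01-01).
const TICKS_AT_UNIX_EPOCH = 621355968000000000n;
const utcTicks = (date = new Date()) =>
  BigInt(date.getTime()) * 10000n + TICKS_AT_UNIX_EPOCH;

// "Zeros" padding: fill the final block with 0x00; aligned input is left unchanged.
function zeroPad(buf, blockSize = 16) {
  const rem = buf.length % blockSize;
  return rem === 0 ? buf : Buffer.concat([buf, Buffer.alloc(blockSize - rem)]);
}

// Assumption: keyBytes is the raw AES key (16, 24 or 32 bytes) agreed with ICE.
const cipherName = (keyBytes) => `aes-${keyBytes.length * 8}-cbc`;

// Steps 1 and 2: build "ID=...&Timestamp=..." and encrypt it under a fresh random IV.
function encryptToken(keyBytes, imisId, date = new Date(), iv = crypto.randomBytes(16)) {
  const plain = Buffer.from(`ID=${imisId}&Timestamp=${utcTicks(date)}`, 'utf8');
  const cipher = crypto.createCipheriv(cipherName(keyBytes), keyBytes, iv);
  cipher.setAutoPadding(false); // Node pads with PKCS7 by default; we zero-pad ourselves
  const token = Buffer.concat([cipher.update(zeroPad(plain)), cipher.final()]);
  return { token: token.toString('base64'), iv: iv.toString('base64') };
}

// Step 4: base-64 contains '+', '/' and '=', so both values are percent-encoded.
function gatewayUrl(endpoint, tokenKey, ivKey, enc) {
  return `${endpoint}?${tokenKey}=${encodeURIComponent(enc.token)}` +
         `&${ivKey}=${encodeURIComponent(enc.iv)}`;
}

// Local round-trip check only; the real decryption happens inside ICE.
function decryptToken(keyBytes, enc) {
  const iv = Buffer.from(enc.iv, 'base64');
  const d = crypto.createDecipheriv(cipherName(keyBytes), keyBytes, iv);
  d.setAutoPadding(false);
  const plain = Buffer.concat([d.update(Buffer.from(enc.token, 'base64')), d.final()]);
  return plain.toString('utf8').replace(/\0+$/, ''); // strip the zero padding
}

// Sample values: the example key and iMIS ID from the procedure above.
const key = Buffer.from('6801377559D9495CA5D67AC321ED44F5', 'hex');
const enc = encryptToken(key, '349053');
console.log(gatewayUrl('http://website.org/ICE/Public/Gateway', 't', 'd', enc));
```

Because the timestamp is taken when the token is built, generate the URL at the moment the user clicks through rather than when the page is rendered, or a short Token Expiration Period will reject it.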

Query String Key Configuration References

Token Query String Key:

Enter the key name, within the name-value collection parsed from the query string passed to the gateway endpoint, that holds the authentication token. Its value is the encrypted data containing the iMIS ID of the user to be authenticated.

Initialization Vector Query String Key:

Enter the key name, within the name-value collection parsed from the query string passed to the gateway endpoint, that holds the initialization vector. Its value is the initialization vector to be used by the symmetric algorithm for encryption/decryption. The value should be a UUencoded (base-64) string we can convert into an array of bytes.

Encryption Configuration References

Secret Key:

Enter the value of the secret key to be used by the symmetric algorithm. The text value must be encoded using the UTF-8 format so that we can convert its characters into an array of UTF-8-encoded bytes.

Encryption Method:

Enter the name of the symmetric algorithm to use. Its value can be one of the following:

  • Aes
  • DES
  • RC2
  • Rijndael
  • TripleDES

Cipher Mode:

Enter the name of the block cipher mode to be used for the encryption. Its value can be one of the following:

  • CBC
  • CFB
  • CTS
  • ECB
  • OFB

Padding Mode:

Enter the name of the padding type to be applied by the encryption. Its value can be one of the following:

  • ANSIX923
  • ISO10126
  • None
  • PKCS7
  • Zeros



