QuerySecureSession

The QuerySecureSession web service XML- or JSON-based information exchange systems that use the Internet for direct application-to-application interaction. These systems can include programs, objects, messages, or documents. enables single sign on between CMP Converged Monetisation Platform. The MDS Global product that supports customer care and billing for digital service providers. and a third party Of software; a reusable component developed to be either freely distributed or sold by an entity other than the original vendor of the development platform. application by allowing an external client system to query the CMP database and retrieve the unique security token along with other appropriate data that was originally passed in from AgentView The graphical user interface of the CMP that is typically used by Customer Service Agents to access CMP customer and billing data. In versions prior to CMP 8.0, this was called the CMP GUI. for example mobile number, Account In the Cloud Monetisation Platform, a billing entity that can be used to manage payments on one or more subscriptions or payments for services. An account can hold details such as payments or invoices. Number, user A person with the capability to log in to the CMP GUI software, such as a customer service advisor or agent. ID etc.

The CMP single sign on feature is mainly used between AgentView and a selfcare application. It utilises AgentView weblinks functionality so that, when a user is in the GUI Graphical User Interface. A user interface that allows users to interact with electronic devices through graphical icons and visual indicators. In the context of CMP, the CMP GUI is the user interface typically used by CSAs to access customer data stored in CMP. and is in a particular entity be it an Account or Subscription A billing entity that incurs a charge. Examples include a network attached device whose usage you want to measure and charge for, or a monthly software subscription, they can choose to select the appropriate weblink and single sign in to another browser based application.

CMP to Third Party Application Single Sign On Process

There is only one implementation of this single signon process, that passes the Account Number as an attribute. Other implementations i.e. to pass more attributes would require a CMP code change.

Prerequisite

The CMP weblinks for the target application must be configured with the appropriate URL for the third party, to generate a secure token and to pass the relevant parameters (e.g. mobile number, Account Number, agent ID etc.) to the third party application.

Sequence of Interactions

The user clicks on the weblink for the third party application.
The GUI calls the CMP Enterprise Java A widely used object-oriented programming language that is designed for use in the distributed environment of the internet. It is the most popular programming language for Android smartphone applications Bean (EJB Enterprise Java Beans. A server-side component that encapsulates the business logic of an application. An EJB container provides a runtime environment for web-related software components.) Layer passing through the pre-configured parameter (e.g. Account Number).
The CMP EJB Layer generates a unique token (random integer) and stores this in the CMP database along with the parameters that were passed through from the GUI.
The CMP EJB Layer passes the secure token back to the GUI.
The GUI launches a browser with the pre-configured URL and the secure token as a parameter in the URL.
The request is received by the third party application.
The third party application identifies that it does not have a valid session to service that request.
The third party application calls the CMP QuerySecureSession web service, passing through the session token that originally came from the GUI.
The CMP web service checks in the database for the previously stored secure token and finds a match.
The CMP web service checks that the security token has not expired and, if it is not expired, then returns the token along with the other data that was saved with it. This is the data that was originally passed in from the GUI (e.g. mobile number, agent ID, Account Number etc.). The token is then deleted or inactivated.

If the secure token does not match any in the database, or if the token has been expired, then an error is returned to the third party application.

The third party application logs the user into the application.

QuerySecureSession Request

The QuerySecureSession tag instructs the Security Service to pass the generated security token. This request contains the following elements:

Element Name	Content Type	Description	Required?
ExternalReference	String69	The client may use this identifier to correlate the request and the response.	Optional
SessionToken	String10	The description of the unique security token.	Mandatory

QuerySecureSession Response

QuerySecureSession response is the response to the QuerySecureSession Request. This contains the following elements:

Element Name	Content Type	Description	Element Name
ExternalReference	String69	Returned unmodified in the response. The client may use this identifier to correlate the request and the response.	Optional
SessionToken	String10	The description of the unique security token.	Mandatory
CompanyNumber	String3	This details the Company Name.	Mandatory
UserName	String100	This displays the name of the user who is trying to securely sign on to the system.	Mandatory
SessionAttributes	Container	Zero or more repetitions. See Attribute Response Container for details.	Optional

Attributes Response Container

The Attributes response container has the following elements:

Element Name	Content Type	Description	Required?
Attribute	Container	Zero or more repetitions. See Attribute response container for details.	Optional

Attribute Response Container

The Attribute response container has the following elements:

Element Name	Content Type	Description	Required?
AttributeId	Integer 1-99	A unique ID for the Attribute. For example, 01. This is chosen from a list of Attributes configured against the chosen Attribute Group in CMP Back Office configuration.	Mandatory
AttributeValue	String30	A full description of the Attribute. For example, Dedicated Lease Line Connection.	Optional

Element Name

Content Type

Description

Required?

AttributeId

Integer 1-99

A unique ID for the Attribute. For example, 01.

This is chosen from a list of Attributes configured against the chosen Attribute Group in CMP Back Office configuration.

Mandatory

AttributeValue

String30

A full description of the Attribute. For example, Dedicated Lease Line Connection.

Optional

Sample QuerySecureSession Response

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">

<soapenv:Body>

      <ns2:QuerySecureSessionResponse xmlns:ns2="http://mdsuk.com/ws/dise3g/security/definition" xmlns:ns3="http://mdsuk.com/ws/dise3g/workflow/definition" xmlns:ns4="http://mdsuk.com/ws/dise3g/fault/exception">

<ns2:Result>

<UserName>JOHNRY</UserName>

</Attribute>

</SessionAttributes>

</ns2:Result>

</ns2:QuerySecureSessionResponse>

</soapenv:Body>

</soapenv:Envelope>

In this example, Attribute ID 1 is the CMP Account Number (10).

Sample Error Responses

If an invalid token that was passed in:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">

<soapenv:Body>

<soapenv:Fault>

<faultcode>soapenv:Server</faultcode>

<faultstring>ValidationException</faultstring>

            <ns3:ValidationFault xmlns:ns3="http://mdsuk.com/ws/dise3g/workflow/definition" xmlns:ns2="http://mdsuk.com/ws/dise3g/security/definition" xmlns:ns4="http://mdsuk.com/ws/dise3g/fault/exception">

<MessageId>mds.dise3g.validation</MessageId>

                  <MessageText>Validation errors in the data submitted for the request</MessageText>

</Details>

<Error>

<MessageId>UNABLE_TO_FIND_RECORD</MessageId>

                     <MessageText>Secure Session Request is invalid for , SecureSession 447332144.</MessageText>

<ExtraInfo>SecureSessionRequest|, SecureSession 447332144.</ExtraInfo>

</Error>

</Errors>

</ns3:ValidationFault>

</detail>

</soapenv:Fault>

</soapenv:Body>

</soapenv:Envelope>

If the secure token had timed out:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">

<soapenv:Body>

<soapenv:Fault>

<faultcode>soapenv:Server</faultcode>

<faultstring>ValidationException</faultstring>

            <ns3:ValidationFault xmlns:ns3="http://mdsuk.com/ws/dise3g/workflow/definition" xmlns:ns2="http://mdsuk.com/ws/dise3g/security/definition" xmlns:ns4="http://mdsuk.com/ws/dise3g/fault/exception">

<MessageId>mds.dise3g.validation</MessageId>

                  <MessageText>Validation errors in the data submitted for the request</MessageText>

</Details>

<Error>

<MessageId>SESSION_ID_TIMEOUT</MessageId>

<MessageText>Requested Session ID has timed out</MessageText>

<ExtraInfo>Requested Session ID has timed out</ExtraInfo>

</Error>

</Errors>

</ns3:ValidationFault>

</detail>

</soapenv:Fault>

</soapenv:Body>

</soapenv:Envelope>