Steps to Set up SSO for your custom application
Using Security Assertion Markup Language (SAML), you can let your customers log in to the Zoho Billing Portal with your application's credentials.
- Contact Zoho Billing with the following details:
  - SSO Login URL
  - SSO Logout URL
  - SSO Password Reset URL
  - X.509 Certificate
  - Encryption algorithm
- We will enable SSO for your account and share the following:
  - ACS URL
  - RelayState
- When Zoho Billing's portal is accessed, Zoho Billing will make a GET call to the Login URL.
For easier understanding, let us assume:
  - Login URL as www.zylker.com/saml/login
  - Logout URL as www.zylker.com/saml/logout
  - ACS URL as www.accounts.zohoportal.com/accounts/csamlresponse/10807
/*
* @method GET
* @queryParams `SAMLRequest`, `RelayState`
*/
GET: www.zylker.com/saml/login?SAMLRequest={SAMLRequest}&RelayState={RelayState}
---------------------------------RelayState (BASE64)----------------------------------------
yygpKSi20tcvLk0qTi7KLCjJzM8r1qvKz8jXS87P1S/ILypJzNGvhtDxeYm5qbX6mXkpqRXx8Z6OvvHxUUCVwch6AQ==
--------------------------------------------------------------------------------------------
- Decode and validate the request. Authenticate and authorize the user for Zoho Billing's portal.
- Once authorized, make a POST request to the ACS URL with SAMLResponse and RelayState in FormData.
/*
* @method POST
* @FormData `SAMLResponse` and `RelayState`
*/
POST: https://accounts.zohoportal.com/accounts/csamlresponse/10807
------------------------------SAMPLE SAMLResponse (BASE64)-------------------------------------
1VjbctpIEH3fqv0HlfLoErohIVSBLIZgy+ZiI+w4vGyNRiOQLWlkzQgEqfz7jsTFXG0nu1XZvBgz3dPdp09P9wwfP2VhwE1RQnwc1Xi5JPEciiB2/Whc4++GbcHgP9X//OMjAWEQmwNEYhwRxLFdETGLxRqfJpGJAfGJGYEQEZNC0250O6ZSksw4wRRDHPBbW17fAQhBCWXh8JzVqvED6Hgy0IBe1qCCHAMiDZUdp6p5kmcYZQ+o1aoEVQfy3P0ahpLDsAhJkRURCiLKliTZEGRJkJWhpJtl1ZTLI55rIUL9CNBi14TSmJiiCCDEaURJaYEnOMYJBUEJ4nCzLsIcRLJKhShLhlRh7qJ1coa4xv8NdVVzVMcFwPDKjqZUVd1wdBc4SJJdza3KmlpVFZ1nueU4rkivWUSc1NdxLObBE0oK17lY9AuxGCIKXEDBR3F704uZ2LQpoClZLu2vNrGLuHsQpOh1FkihbdophIgQnhNXHsRDF8vgG2vaVkRnZJlRBmQ2m5VmagknY1GRJFl86HZsOEEh4De6/tvKgl9wCdEB0axKYi+raIYDgAQFQ5I9wQBVRdA8Awme7EmKhmRXBca7qmI3cf+eldySy1Lpj1mlpcn68LinEiSJUlVkOi7xxx9eotkyg1wr8vC2ZCVsgghHPgSBvyiKuovoBLtcIxjjxKeT8GSWZSn3KKAMClAuRx82hB/4LiC80+4OkoQAgUyAfNz0AHkoYZ0HcXcDq8Z/eC+he6ZW1oYJiIiHk5AcyvdVfgwFiqYowDFyBbJOxiGgn/HyHg6KA/gGvNxryx+zxvYzJB0naMds0TzqD/f3VqU7sHuud9ZzR+eLoTWzrQbu30q1IsZt5T26xW2+d+pbPFngO+W3tGopblR1+v0phS1Cwja4qNDp5P6692RYHTTxMjvN4sQYWTEcn4NZ2u5cG5NL2b66uoeNKrQvMkN1Fo2z2Z2xuHxMrrJs3L5a6F/Op5nt9ODIkaZGr/eUDfX5Y9+1tdZMXjSlsXHbBcllq92dUpCALGhCy/3qjWi3HKpPzmAwHenSuetY4Kwf3dtKpXerw6xfzeQxaxLhVauMZx0VPpTtJz0K7Yk98Z4XesuZVzsX7gQPe8/DceUmjtBVazEaV5XLyOq2H27OhpP54qJhxfqD9OXzYxz0vt5WRk/+ote3zjuZM7we6S7G4ZnXe0zVm9gWe8+4+xDfeV1a/nwftEm5OVP7iqYEl7LjgSektMoyqdx+uZsPFh37c9p3vOevxm2ttmFhK9d7TFyj+YkO9KBJ1Rbrg8crKJc28zHhsSZFUf0biihKuDlOEw6+rHMQs/WIfi9C2d90pJqOeS0E+4HuYtvr9HbqPCJId4wUgh4bj1aLa7MTB+jpuSmX5GLFdwWvUDXZ2PKDhusm+Qytx4AmPvTBXy8zZDUulg4OHa8iauLI83OD+XhdHuvXpzcMTQeBBCX7/fGk2Tx7XA/TftRPGh4j5WA46ssr0wBBP/ZRPj1/yYVptzmt8ncE0BblR8ldZoLtcP1cneTgzxHjDR0gl5bI35GdQwYbqevnbY5hzcnfieyYXv0bWP33fRX4RnII+zXjK5UXgHvIGymdRPk1DoWMTK74+sq9SGUJsFkVM0sn8qBuX6xXqlbkooyRK5UN1fV0SXBybUlWdUEvGxVB11BV91xD0WDlaPJYUM28F2T0RNZeFJoBezmwsVJ/9XEBTZjrseUb9jHDiXvDXiisMJBbTNW8fDfZPWL8GAlHgtyWbZK8zwBlpDkpRYcKhzpc3iJqPJsgDkr6Hl98f6shFYiZhXx13ZIcpgePt4WNs6Lnc+xWbtJ5zLxm7N3GRNH4+Onb7Hs7/jv2SCjlf/KQfmsQbT8htPcLUWzGScnBcxCgfRyHg/uHgWKPjdzflqYb9kpkLSgMUwqcgM3X3xVIUW/FVeKX19rh1eW/rLcCaAf82nP1b9lKcPB/j31fsDeA1uL1Lzr573/i7g+A9X8A
------------------------------------------------------------------------------------------------
SAMLRequest (Decoded)
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_c635b3bdaa8f4b529368b6dabe01d5d91539326" Version="2.0" IssueInstant="2018-10-12T06:43:10.776Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ProviderName="Zoho" IsPassive="false" Destination="https://zylker.com/saml/login" AssertionConsumerServiceURL="https://accounts.zohoportal.com/accounts/csamlresponse/{portal_id}">
<saml:Issuer>zoho.com</saml:Issuer>
<samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" />
</samlp:AuthnRequest>
SAMLResponse (Decoded)
<?xml version="1.0" encoding="UTF-8"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="Rcbf1a5a645c2eb8ce5e4bb95f0f884fa3990c3bc" Version="2.0" IssueInstant="2018-10-12T06:43:14Z" Destination="https://accounts.zohoportal.com/accounts/csamlresponse/10807" InResponseTo="_c635b3bdaa8f4b529368b6dabe01d5d91539326">
<saml:Issuer>https://zylker.com/saml/issuer/metadata</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:Status>
<saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="pfx758baa0c-801f-8a92-5f8e-f1f025e1d3a8" IssueInstant="2018-10-12T06:43:14Z">
<saml:Issuer>https://zylker.com/saml/issuer/metadata</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#pfx758baa0c-801f-8a92-5f8e-f1f025e1d3a8">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>XVVI7MRSNdf+NdZBzTIwSIAoOQ0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>I2dn9bOOvtcDssmFaG7tvhVKNk8ILehfxSuxpr8ZIpcgBawuFLK8hH1SJJVcA9cSGx83bzA+wU8zHjrJxxgFJz6WBvxSbNcZb0v8NNkxT6yjOdS5Dw1zC0g8QMarHDFMvtaraxlCcIdYfZtM4m3kbRRvZ60BdbIa+OnVS27NQ6cxO9x1g/memJD4owL3cX4Sk6nmShShfqz6Dby9LGdhoTNqTg7PpneJDzZg92HnIMFXP+ThyzGAIp6X0WEjplNYQ7ZkizNOIBLxbTKZ6doom+fNju3PpS/NqoMXpUfMt4EVlFs4Cw3O252lH1bfake2D41s7QWUyRzLSEuObfqY8Q==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>{enter your certificate content}</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">patricia@zylker.com</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="2018-10-12T06:46:14Z" Recipient="https://accounts.zohoportal.com/accounts/csamlresponse/10807" InResponseTo="_c635b3bdaa8f4b529368b6dabe01d5d91539326" />
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2018-10-12T06:40:14Z" NotOnOrAfter="2018-10-12T06:46:14Z">
<saml:AudienceRestriction>
<saml:Audience>{audience}</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2018-10-12T06:43:13Z" SessionNotOnOrAfter="2018-10-13T06:43:14Z" SessionIndex="_0483df60-b018-0136-6487-65e96fd825c7">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
<saml:Attribute Name="memberOf" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string" />
</saml:Attribute>
<saml:Attribute Name="User.Username" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string" />
</saml:Attribute>
<saml:Attribute Name="User.FirstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">patricia.boyale</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="office" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string" />
</saml:Attribute>
<saml:Attribute Name="PersonImmutableID" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string" />
</saml:Attribute>
<saml:Attribute Name="User.email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">patricia@zylker.com</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="User.LastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string" />
</saml:Attribute>
<saml:Attribute Name="role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string" />
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>
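
An added example, not Zoho Billing's code, of the "Decode and validate the request" step on the identity provider side: it decodes the `SAMLRequest` parameter (base64, inflating it first when the HTTP-Redirect binding's raw DEFLATE encoding is used) and accepts it only if the Issuer, Destination and AssertionConsumerServiceURL match the values exchanged out of band. The function names, the five-minute window and the size cap are assumptions; the URLs and the request ID are the walkthrough values from this page.

```python
import base64
import xml.etree.ElementTree as ET
import zlib
from datetime import datetime, timedelta, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Walkthrough values from this page; use the ones you exchanged with Zoho Billing.
EXPECTED_ISSUER = "zoho.com"
LOGIN_URL = "https://zylker.com/saml/login"
REGISTERED_ACS = "https://accounts.zohoportal.com/accounts/csamlresponse/10807"
MAX_AGE = timedelta(minutes=5)  # assumption: tolerated request age / clock skew
MAX_XML = 64 * 1024             # assumption: cap on the inflated request size
SAMPLE_XML = (  # constructed sample, modelled on the page's decoded AuthnRequest
    f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" Version="2.0" '
    'ID="_c635b3bdaa8f4b529368b6dabe01d5d91539326" IssueInstant="2018-10-12T06:43:10.776Z" '
    'Destination="https://zylker.com/saml/login" AssertionConsumerServiceURL="{acs}">'
    '<saml:Issuer>zoho.com</saml:Issuer></samlp:AuthnRequest>')

def encode_redirect(xml: str) -> str:  # raw DEFLATE + base64, to build test input
    return base64.b64encode(zlib.compress(xml.encode())[2:-4]).decode()

def decode_saml_request(param: str) -> bytes:
    raw = base64.b64decode(param, validate=True)
    if raw.startswith(b"<"):          # plain XML under base64, nothing to inflate
        return raw
    d = zlib.decompressobj(-15)       # raw DEFLATE, no zlib header
    xml = d.decompress(raw, MAX_XML)  # bounded, so a tiny input cannot inflate without limit
    if d.unconsumed_tail:
        raise ValueError("SAMLRequest inflates beyond the size cap")
    return xml

def validate_authn_request(param: str, now: datetime) -> dict:
    xml = decode_saml_request(param)
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTDs are not allowed in SAML messages")
    root = ET.fromstring(xml)
    # Compare with registered values so the response never goes to a URL from the request.
    for name, got, want in (
            ("element", root.tag, f"{{{SAMLP}}}AuthnRequest"),
            ("Issuer", root.findtext(f"{{{SAML}}}Issuer"), EXPECTED_ISSUER),
            ("Destination", root.get("Destination"), LOGIN_URL),
            ("ACS URL", root.get("AssertionConsumerServiceURL"), REGISTERED_ACS)):
        if got != want:
            raise ValueError(f"unexpected {name}: {got!r}")
    issued = datetime.fromisoformat(root.get("IssueInstant", "").replace("Z", "+00:00"))
    if abs(now - issued) > MAX_AGE:
        raise ValueError("IssueInstant outside the allowed window")
    return {"in_response_to": root.get("ID"), "post_to": REGISTERED_ACS}
```

The returned values drive the response: set `Destination` and `Recipient` to the registered ACS URL and `InResponseTo` to the request ID, as the decoded SAMLResponse above does. That sample is signed with `rsa-sha1` over a `sha1` digest; SHA-1 is deprecated for signatures, so prefer an SHA-256 variant if the algorithm you register with Zoho Billing allows it.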