There are several situations where the readymade script that Get Satisfaction provides doesn’t work, or works poorly. The most common situation is where your site uses both domain aliasing to put your support community within your domain, and SSL. We don’t have an SSL certificate to support your SSL subdomain, so using the standard scripting method will create security warnings for your users.
To avoid this, you need to do a couple things. First you need a way to pass in the user information and verify it with the Key and the Secret. The recommended way to do this is to write the FastPass cookie yourself.
Second, you’ll need to make certain that you call the FastPass script from a non-SSL page during signover (the process where someone goes directly to your community, and we open a window for them to log in to your site to proceed). This means that you may need to redirect to a non-SSL page post-login where you run the script method.
Different web application environments have different methods for setting a cookie. Using the method of your choice, you’ll want to set a cookie named “fastpass” to the URL generated by the FastPass library with the url method.
If you’re using domain aliasing, you need to remember to set the domain name as well as the URL. Be sure to set the domain to “.domain.com”, starting with a dot, and removing the “www” prefix. In Ruby, your script might look like this:
cookies["fastpass"] = {
:value => FastPass.url(KEY, SECRET, user.email, user.name, user.id),
:domain => ".domain.com"
} If you want to avoid writing cookies, you can pass a URL encoded version of URL in through a query string. This would need to be part of all links to Get Satisfaction. A query string would look something like this:
<%= link_to "Our Support Community", "/mycompany?fastpass=#{CGI.escape(FastPass.url(KEY, SECRET, user.email, user.name, user.id))} %> You can also pass information in using JavaScript. This takes two steps. First, when a user logs into your site, you need to include:
<%= FastPass.script(KEY, SECRET, user.email, user.name, user.id) %>
Second, all links to Get Satisfaction must be JavaScript function calls to GSFN.goto_gsfn():
<%= link_to_function "Our Support Community", "GSFN.goto_gsfn()" %>
In addition to writing the cookie, the FastPass script is also responsible for logging the user into your site during signover (the process where someone goes directly to your community, and we open a window for them to log in to your site to proceed), and closing the signover window.
The login page that you use for signover can be your standard login page, or one you design for this purpose, but you need to be certain to invoke the script method from a non-SSL page. One strategy is to redirect to a non-SSL login success page to run the script method, closing the login window and returning the user to the community.
To specify the login page you want to use for signover, go to:
/[companyname]/admin/fastpasses
and enter the login URL you want to use in the External Login URL field.
If you are unable to include the javascript on a non-SSL page after a user logs in from the signover flow, we allow you to redirect users to a community url that will complete the login and close the window. Simply redirect the user after they've signed in to the URL that includes the signed fastpass url as a query string. IMPORTANT: The fastpass URL must be encoded. Example:
http://feedback.familyrewards.com.sg/fastpass/finish_ signover?company=philips_ family_rewards&fastpass=[ENCOD ED_FASTPASS_URL]
Get Satisfaction uses several different cookies to make Single Sign-On work. The "fastpass" cookie is a one time communication mechanism, and it's deleted after we validate the URL.
Get Satisfaction’s login cookies are session cookies that are cleared when a user closes their browser. You can clear these cookies and log out your users by calling the logout.js javascript, something like this:
community.domain.com/logout.js
To avoid security warnings, widgets needs to be generated from https://getsatisfaction.com rather than https://community.domain.com. Here’s the most direct way to do that:
Remove the following domain parameters from the widget javascript:
GSFN.feedback_widget.prototype.local_base_url = "http://community.domain.com"; GSFN.feedback_widget.prototype.local_ssl_base_url = "http://community.domain.com"
This will pull the iframe assets from getsatisfaction.com which we will serve via ssl.
feedback_widget_options.fastpass = "[FASTPASS_URL]";