BMO SSO Integration Example

How to Initiate BMO SSO Flow from Your eApps Application

When a user clicks a button in your eApps application to authenticate via BMO, you need to redirect them to the BMO SSO page with proper query parameters.

C# Code Examples

Option 1: ASP.NET WebForms Button Click
protected void btnLoginWithBMO_Click(object sender, EventArgs e)
{
    // Generate a unique state parameter for security (prevents CSRF attacks)
    string state = Guid.NewGuid().ToString("N");
    
    // Store state in session to verify on callback
    Session["OAuthState"] = state;
    
    // Your application's callback URL where BMO will redirect after successful auth
    string returnUrl = "https://your-visa-app.com/auth/callback";
    
    // Build the BMO eApps SSO URL
    string bmoSsoUrl = $"https://sso-cte.test.fraedom-cloud.com/BmoSsoEapps.aspx?returnurl={HttpUtility.UrlEncode(returnUrl)}&state={HttpUtility.UrlEncode(state)}";
    
    // Redirect user to BMO IdP
    Response.Redirect(bmoSsoUrl);
}
Option 2: ASP.NET MVC Controller Action
public ActionResult LoginWithBMO()
{
    // Generate a unique state parameter for security
    string state = Guid.NewGuid().ToString("N");
    
    // Store state in session to verify on callback
    Session["OAuthState"] = state;
    
    // Your application's callback URL
    string returnUrl = "https://your-visa-app.com/auth/callback";
    
    // Build the BMO eApps SSO URL
    string bmoSsoUrl = $"https://sso-cte.test.fraedom-cloud.com/BmoSsoEapps.aspx?returnurl={HttpUtility.UrlEncode(returnUrl)}&state={HttpUtility.UrlEncode(state)}";
    
    // Redirect user to BMO IdP
    return Redirect(bmoSsoUrl);
}
Option 3: JavaScript/HTML (Client-Side Redirect)
<button onclick="loginWithBMO()" class="btn btn-primary">Login with BMO</button>

<script>
function loginWithBMO() {
    // Generate state parameter (in production, get this from server)
    var state = generateUUID();
    
    // Your application's callback URL
    var returnUrl = encodeURIComponent('https://your-visa-app.com/auth/callback');
    
    // Build BMO eApps SSO URL
    var bmoSsoUrl = 'https://sso-cte.test.fraedom-cloud.com/BmoSsoEapps.aspx?returnurl=' + returnUrl + '&state=' + encodeURIComponent(state);
    
    // Redirect to BMO
    window.location.href = bmoSsoUrl;
}

function generateUUID() {
    return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) {
        var r = Math.random() * 16 | 0, v = c == 'x' ? r : (r & 0x3 | 0x8);
        return v.toString(16);
    });
}
</script>

Complete Authentication Flow

  1. User clicks "Login with BMO" button in your eApps application
  2. Your app redirects to: https://sso-cte.test.fraedom-cloud.com/BmoSsoEapps.aspx?returnurl=<your_app_callback>&state=<random_state>
  3. BMO validates the returnurl and state
  4. BMO redirects to SD IdAM: https://identity-bmo-cte.test.fraedom-cloud.com/connect/authorize
  5. User authenticates at SD IdAM
  6. SD IdAM redirects back to BMO callback: https://sso-cte.test.fraedom-cloud.com/bmo/callback?code=<auth_code>&state=<state>
  7. BMO exchanges code for tokens at SD IdAM token endpoint: https://identity-bmo-cte.test.fraedom-cloud.com/connect/token
  8. BMO redirects user back to your application's returnUrl
  9. Your app validates state and establishes user session

Test the Integration

Click the button below to test the BMO SSO flow using the dedicated eApps page: