Skip to main content
Edmentum Support

SSO Technical Reference

Edmentum provides a number of Single Sign-On options. One of these options is a method that we call encrypted links. This method assumes that the both the customer and Edmentum have a copy of the credentials.

This is typically used when an organization has a portal or other mechanism for their learners to launch into Edmentum (Courseware, Exact Path, Assessments) and they do not want their users to have to log in again.

NOTE:The documentation outlined below encompasses the full extent of resources available to organizations who wish to develop an API or SSO connection to Edmentum for their systems. 


The URLs utilized for single sign on are as follows:

Test Environment:

Production Environment:

The encrypted contents is a pipe separated string consisting of the Account Login, User Name and Password. For example if your Account Login is "ps", your User Name is "user1" and your Password is "P@ssw0rd" the url string would be "ps|user1|P@ssw0rd".

This string then is encrypted using RSA asymmetric encryption with Plato's public key provided below.

Public Key

The public key that should be used to encrypt the string can be downloaded from here. EdmentumPublicKey.txt


Ensure that prior to encoding with the RSA algorithm your string is encoded as Unicode (UTF-16 Little Endian). 

Code Samples


The following code is an example in Microsoft .NET C#. This is available in any language that supports RSA asymmetric encryption algorithm.

The following .NET namespaces are required:


using System;
using System.Security.Cryptography;
using System.Text;

Below are two methods that can be used as samples for creating the encrypted portion of the querystring to be used with the URL referenced above:

	private string EncryptPlatoQueryString(string accountLogin, string platoName, string password)
		return RSAEncrypt(accountLogin + "|" + platoName + "|" + password);
private string RSAEncrypt(string dataToEncrypt)
		string publicKey = @"<rsakeyvalue>
		using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider())
			byte[] plainBytes = Encoding.Unicode.GetBytes(dataToEncrypt);
			byte[] cipherBytes = RSA.Encrypt(plainBytes, false);
			string cipherString = Convert.ToBase64String(cipherBytes);
			return cipherString;



Note: This sample requires the use of phpseclib


function EncryptPlatoQueryString($accountLogin, $platoName, $password) {
	return RSAEncrypt($accountLogin . "|" . $platoName . "|" . $password);
function RSAEncrypt($dataToEncrypt) {
	$publicKey = '<RSAKeyValue>
       $xml = new DOMDocument();

       $modulus = new Math_BigInteger(base64_decode($xml->getElementsByTagName('Modulus')->item(0)->nodeValue), 256);
       $exponent = new Math_BigInteger(base64_decode($xml->getElementsByTagName('Exponent')->item(0)->nodeValue), 256);
       $key = array('modulus' => $modulus, 'publicExponent' => $exponent);

       $rsa = new Crypt_RSA();

       $rsa->loadkey($key, CRYPT_RSA_PUBLIC_FORMAT_RAW);

       $plainbytes = mb_convert_encoding($dataToEncrypt,"UTF-16LE", "auto");
       $res = $rsa->encrypt($plainbytes);

       return  base64_encode ( $res );

echo EncryptPlatoQueryString('loginName', 'platoName', 'p@s$w0rd1@');
  • Was this article helpful?