A vendor (Provider or reseller) experiences problems with the 'To Control Panel' link in PBA, the link is displayed in properties of any customer account and allows to log into the Customer Control Panel on behalf of a customer account.
As Provider I want to know how exactly PBA generates the link.
PBA generates the 'To Control Panel' link using SuDo settings which are defined in the Provider Control Panel at Configuration Director > Security Manager > SuDo Settings.
The format of the setting (in PBA 5.4.x):
<ui:link id="LoginLink"> <ui:contents>To Control Panel</ui:contents> <ui:pointer target ="_blank" method = "ext" ext-method="post" href="https://<CP URL>/servlet/Turbine/frm/single/action/PLoginHandler?event1234submit=doLogin&renderEnv=undefined"> <ui:parameter><name>password</name><value uri-encoded="true">@@Password@</value></ui:parameter> <ui:parameter><name>user</name><value uri-encoded="true">@@Login@</value></ui:parameter> </ui:pointer> </ui:link>
<CP URL> is a correct URL to control panel,
SuDo settings may be configured on per-reseller level. Each reseller should use URL of their branded Control Panel in SuDO settings. This approach brings the following limitation: if a reseller has 2 different brands with 2 different branded Control Panel URLs (cp1.reseller.com and cp2.reseller.com) - they will only be able to specify only one URL in SuDo settings (for example cp1.reseller.com) and thus the 'To Control Panel' link will only work for customers who belong to the brand cp1.reseller.com and it will not work for customers who belong to the brand cp2.reseller.com.
This behavior is improved in PBA-E 5.5 - the 'To Control Panel' link dynamically retrieves account brand details and branded Control Panel URL from POA for each account.
There are 2 possible workarounds for resellers that have several brands:
Instead of using the 'To Control Panel' link from PBA, a reseller may go to POA and use the 'Login as staff member' link in a customer account properies
- It is possible to configure POA to allow any user to login to any brand, however this is global setting which, being enabled, will also allow customers of reseller to login at Provider's Control Panel URL. See the Parallels Knowledgebase article #3988 External system cannot authenticate in POA using non-branded URL for more details.