Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Single sign-on

 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There are hints that the new JForum 2.1 can do single sign-on. If so, that would be wonderful.

How?

(I'm using Tomcat with auth-method BASIC or FORM).

(Perhaps this is a FAQ?)

Cheers,
Per

[originally posted on jforum.net by per]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The is a interface, net.jforum.drivers.external.LoginAuthenticator which you can implement to use your own authentication method. Probably it will not be exactly what you want, so you will need to tell me how do you expect it to be / what improvements to made, so then we can make it better for future versions.

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Here's how I think a simple and basic method for SSO (single sign-on) can be implemented.

First, this should of course be configurable, perhaps at install time. (configuration is kept in e.g. SystemGlobals.properties). Several different SSO metods can then be implemented, as requests come in from different users/integratrors. A vanilla SSO method should be provided in the first version.

When an SSO method is in effect, there's no need to look in JForum's own user database. In fact, it should then be totally ignored for authentication. (And setting a password should be disabled, of course).

Here's a rough implementation for a vanilla SSO method. Hope that you see the general idea:

The vanilla SSO method should simply call request.getRemoteUser() to get the logged-in username. That's it!

Perhaps it can also use isUserInRole("admin") to see if it is an administrator, I dunno...

Hope this helps!
Per


[originally posted on jforum.net by per]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well, it is already configurable. Just make your own implementation of net.jforum.drivers.external.LoginAuthenticator and register it in SystemGlobals.properties, key "login.authenticator"

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
OK, but when is the LoginAuthenticator instantiated, and when are its methods setUserModel() and validateLogin() called?

If validateLogin() is called when the login' button is clicked, then that's too late. In fact, if JForum uses the vanilla SSO scheme, there should be no 'login' button at all. The user is already logged in by another web application. All JForum should do is to check if it's a new user and add the user to its own user database.

I have no idea how to implement that given the current design of LoginAuthenticator. Perhaps it's just a matter of adding documentation, but I fear that this requires some redesign...?

Cheers!
Per

[originally posted on jforum.net by per]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So, that's "redesing" idea I want to hear from you. You can go ahead into jforum's source code and suggest architectural changes.

If you want, add me to your icq or msn contact list, if you want / have.

Rafael
[originally posted on jforum.net by Rafael Steil]
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic