The is a interface, net.jforum.drivers.external.LoginAuthenticator which you can implement to use your own authentication method. Probably it will not be exactly what you want, so you will need to tell me how do you expect it to be / what improvements to made, so then we can make it better for future versions.
Rafael [originally posted on jforum.net by Rafael Steil]
Here's how I think a simple and basic method for SSO (single sign-on) can be implemented.
First, this should of course be configurable, perhaps at install time. (configuration is kept in e.g. SystemGlobals.properties). Several different SSO metods can then be implemented, as requests come in from different users/integratrors. A vanilla SSO method should be provided in the first version.
When an SSO method is in effect, there's no need to look in JForum's own user database. In fact, it should then be totally ignored for authentication. (And setting a password should be disabled, of course).
Here's a rough implementation for a vanilla SSO method. Hope that you see the general idea:
The vanilla SSO method should simply call request.getRemoteUser() to get the logged-in username. That's it!
Perhaps it can also use isUserInRole("admin") to see if it is an administrator, I dunno...
OK, but when is the LoginAuthenticator instantiated, and when are its methods setUserModel() and validateLogin() called?
If validateLogin() is called when the login' button is clicked, then that's too late. In fact, if JForum uses the vanilla SSO scheme, there should be no 'login' button at all. The user is already logged in by another web application. All JForum should do is to check if it's a new user and add the user to its own user database.
I have no idea how to implement that given the current design of LoginAuthenticator. Perhaps it's just a matter of adding documentation, but I fear that this requires some redesign...?