Help coderanch get a
new server
by contributing to the fundraiser
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Devaka Cooray
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • paul wheaton
  • Henry Wong
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Tim Moores
  • Carey Brown
  • Mikalai Zaikin
Bartenders:
  • Lou Hamers
  • Piet Souris
  • Frits Walraven

PATCH: Single SignOn

 
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I tested the SSO implementation in the cvs and it works fine with one exception: the SSO mechanism is used only for the first time a user visits the forum, when the forum user session is created, to be more specific. If a user visits the forum, then logs in to another restricted area of my web app and returns to the forum afterwards she will stay anonymous until the end of the forum session. So I patched ControllerUtils to call checkSSO also if a user session already exists. This way changes in identity caused by a login to my web app are also mirrored in the forum.


In addition I had to implement another feature/sso enhancement: the forum is open in read only mode to anonymous users. But when you try to post a message you have to login. At the moment the forum_login.htm template is displayed. In case an external SSO mechanism is used this makes no sense. What is needed is a way to trigger the external login mechanism (e.g. by redirecting the request to a JSP protected by a security constraint). Therefore I introduced an optional config property called sso.redirect and patched ViewCommons to set the redirect URL in case sso is on and sso.redirect is set.

Please see the diffs in the attachements for further details.
[originally posted on jforum.net by TheCooler]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
As there only 3 attachements allowed, here is the missing one for SystemGlobals.properties
[originally posted on jforum.net by TheCooler]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hey,

thanks for the patches. I'll apply as soon as I get some free time!!

thanks
Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Rafael,

Could you please create a case in JIRA ? It will be pitty if this nice patch (by TheCooler) fall forgoten after some time ...

Greetings
[originally posted on jforum.net by Anonymous]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ok:

http://www.jforum.net/jira/browse/JF-317

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Done

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Does this mean that SSO is enabled in the latest release? I have a JForum up and running, but so far I haven't seen any easy way of logging in once and once only . I would prefer not to mess with the source code, so is there any documentation on this?

I thought about duplicating the user info, but how is the passwords encrypted in the JForum user table? If I insert user data from my unencrypted user table, how do I encrypt them when inserting them? This would solve my problem of having the users register twice... but need the SSO bit to make it perfect

I know there's been lots of threads on this but I'm still not sure how to do this

Cheers,
Christer
[originally posted on jforum.net by cnordvik]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You actually made some docs! Sorry for not searching good enough....

http://www.jforum.net/confluence/display/sso/Home

-Christer
[originally posted on jforum.net by cnordvik]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
heheh.. no problem.. I should announce the docs, or otherwise nobody will see them

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
SSO integration as for LoginAuhenticator , LDAP and etc. is not a problem - this is just separate java code. The problem, which is hard to solve, is web site integration:
how to integrate existing web site with jforum.
It is much harder to manage (and keep up-to date) jforum templates, than java code.

For SSOintegration a good API should be chosen, and this API shoild be on web link level, so no significant template modification is required.

I think the approach of https://coderanch.com/t/575225
about web link API is a reasonable one.
In a similar way many internet backing sites ( chaseonline.chase.com and many other) do sso integration: they have it on web link level. This approach simplifies sso integration a lot.
[originally posted on jforum.net by Anonymous]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I 've checked out the tas SSO, is this PATCH included?
[originally posted on jforum.net by Anonymous]
 
reply
    Bookmark Topic Watch Topic
  • New Topic