I tested the SSO implementation in the cvs and it works fine with one exception: the SSO mechanism is used only for the first time a user visits the forum, when the forum user session is created, to be more specific. If a user visits the forum, then logs in to another restricted area of my web app and returns to the forum afterwards she will stay anonymous until the end of the forum session. So I patched ControllerUtils to call checkSSO also if a user session already exists. This way changes in identity caused by a login to my web app are also mirrored in the forum.
In addition I had to implement another feature/sso enhancement: the forum is open in read only mode to anonymous users. But when you try to post a message you have to login. At the moment the forum_login.htm template is displayed. In case an external SSO mechanism is used this makes no sense. What is needed is a way to trigger the external login mechanism (e.g. by redirecting the request to a JSP protected by a security constraint). Therefore I introduced an optional config property called sso.redirect and patched ViewCommons to set the redirect URL in case sso is on and sso.redirect is set.
Please see the diffs in the attachements for further details. [originally posted on jforum.net by TheCooler]
Does this mean that SSO is enabled in the latest release? I have a JForum up and running, but so far I haven't seen any easy way of logging in once and once only . I would prefer not to mess with the source code, so is there any documentation on this?
I thought about duplicating the user info, but how is the passwords encrypted in the JForum user table? If I insert user data from my unencrypted user table, how do I encrypt them when inserting them? This would solve my problem of having the users register twice... but need the SSO bit to make it perfect
I know there's been lots of threads on this but I'm still not sure how to do this
Christer [originally posted on jforum.net by cnordvik]
SSO integration as for LoginAuhenticator , LDAP and etc. is not a problem - this is just separate java code. The problem, which is hard to solve, is web site integration:
how to integrate existing web site with jforum.
It is much harder to manage (and keep up-to date) jforum templates, than java code.
For SSOintegration a good API should be chosen, and this API shoild be on web link level, so no significant template modification is required.
I think the approach of https://coderanch.com/t/575225 about web link API is a reasonable one.
In a similar way many internet backing sites ( chaseonline.chase.com and many other) do sso integration: they have it on web link level. This approach simplifies sso integration a lot. [originally posted on jforum.net by Anonymous]