• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Devaka Cooray
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Knute Snortum
  • Bear Bibeault
Saloon Keepers:
  • Ron McLeod
  • Tim Moores
  • Stephan van Hulst
  • Piet Souris
  • Ganesh Patekar
Bartenders:
  • Frits Walraven
  • Carey Brown
  • Tim Holloway

User profile template & SSO

 
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
When SSO is "on" it is often pointless to show what is called
"Register Information" in profile template: /jforum/user/edit/2.page
There should be an option to disable this section (the "Register Information" one)

[originally posted on jforum.net by Anonymous]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am sure about this, but looking at the code looks like there is no synchronization between SSO and jforum_users for e-mail and screen name.

I think the easiest way to fix this - during login (and possible during other times)
update jforum_users to set username and user_email to ones from SSO.
So the code login will include this:

if user does not exist - then this.dao.addNew(user) (you already have this)
if user does exist - update forum_users.username and jforum.user_email to match SSO.

Also you should probably disable "Register Information" section of profile management page when SSO is ON.

[originally posted on jforum.net by Anonymous]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
when SSO is on instead of "Register Information" section of profile management put a link to SSO management page (you already have such URL - sso.redirect, just add some teturnPath there)
[originally posted on jforum.net by Anonymous]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I propose to extend existing sso.redirect functionality for simplification of SSO integration.

External program pointed by sso.redirect should accept 2 parameters action= and returnPath= of similira meaning of jforum.

In few places, where sso integration is required we put a link to this program.
There few such places need to be modified.

When SSO is enabled we put following links (here I assume the uiser ID is 2222)

1. Send private message
(what we already have now - http://www.coderanch.com/t/575167 )
sso.redirect+"?"+ action=login & returnPath=/pm/sendTo/2222.page
here is just slightly modified URL convention compared to http://www.coderanch.com/t/575167

2. Top link "Edit user profile" (shown to registered users)
On this page instead of "Register Information" section of the profile put a link to
sso.redirect+"?"+ action=edit & returnPath=/user/edit/2222.page

3. Top link "login" (shown on top of all pages shown to anonymous)
sso.redirect+"?"+ action=login & returnPath=/

4. Top link "register" (on top of all pages shown to anonymous)
sso.redirect+"?"+ action=insert & returnPath=/

Looks this is it. No more places to modify (correct me if I missed something).
This way SSO integration would be greatly simplified.
A user just implements authorization class and make a script sso.redirect
(or a set of scripts, it is easy to redirect requests based on form parameters)
which does actual login and account creation for internal users list.


[originally posted on jforum.net by Anonymous]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
And also, you can simplify templates logic. You can remove all sso checks from there!!!

You can just do this:
by default (when sso is disabled) have sso.redirect set to /jforum/jforum.page
and all these these four links would be regular jforum user management links.

When you use sso - set sso.redirect to the name of external program which does login and registration. And only account-management related links will change. And the look of jform would be the same regardless of whether SSO is enabled or disabled.

Also, if such broad sso.redirect usage is accepted it may be a good idea to rename sso.redirect to some more general, like
accountmanagementlink
[originally posted on jforum.net by Anonymous]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There is one more place , #5

5. lost password link
sso.redirect+"?"+ action= lostPassword & returnPath=
[originally posted on jforum.net by Anonymous]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
And #6 is logout
sso.redirect+"?"+ action= logout & returnPath=/
[originally posted on jforum.net by Anonymous]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Let me see if I understood it correctly: for the "My Profile" page, the section "Register Information" will contain only a link to "sso.redirect" in the place of user, email and password fields, while the rest of the page we keep as is. Then, if the user click in the sso.redirect link, it will open the webpage in question and and back to returnPath (which will be the My Profile Page).

Is that what you mean?

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Rafael Steil wrote:Let me see if I understood it correctly: for the "My Profile" page, the section "Register Information" will contain only a link to "sso.redirect" in the place of user, email and password fields, while the rest of the page we keep as is. Then, if the user click in the sso.redirect link, it will open the webpage in question and and back to returnPath (which will be the My Profile Page).

Is that what you mean?

Rafael



Yes.

In addition to this change (#1), which is the most important, I suggest jforum put a link to sso.redirect in few other places (with action and returnPath parameters). Specifically:
2. login
3. register
4. logout (Some code similar to one in the patch http://www.coderanch.com/t/575167 to net/jforum/view/forum/common/ViewCommon.java may be needed in UserAction.logout() )
5. lost password
6. private messages (you already have this from http://www.coderanch.com/t/575167 patch, but some parameter adjustment may be needed)

This way you can have a very simple SSO integration on web link level.
To use SSO a user should just:
1. enable SSO in jforum
2. implement sso.redirect script which does login/register/forgot password/ etc. actions.

This, from my opinion, would simplify SSO integration a lot.


[originally posted on jforum.net by mal]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Great idea! I have a site with pre-existing struts actions which fulfill most of these use cases. The proposed changes would make SSO integration a snap.
[originally posted on jforum.net by Anonymous]
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!