
SSO / redirect / anonymous users

 
I'm using the latest jforum from csv and am implementing sso with cookies. I've written a class that implements SSO and can successfully have my app's login page set a cookie and have jforum use that cookie to create its user. The problem I am running into is that if a user goes to my jforum without logging into my app first, jforum automatically logs them in as Anonymous. I expected jforum to use the sso.redirect property in my jforum-custom.conf to redirect the user to my app's login page.
I am trying to make it so that jforum only allows users with the cookie set and redirects them to my login page if it is not. That way there are never any anonymous users. Is this possible?

Thanks,
Chris
[originally posted on jforum.net by cdollar]
 
By "jforum automatically logs them in as Anonymous" do you mean they show as logged in as the "Anonymous" user, or they are browsing as an anonymous user?

You can't deny browsing to anonymous users.

Rafael
[originally posted on jforum.net by Rafael Steil]
 


"You can't deny browsing to anonymous users"



What I did is the following:

I created a new group called "Deny all" and added the anonymous user to it. Now, if someone who has not logged on tries to view the forum, he just sees the header of the forum but no topics etc.
I'm using 2.1.7-b3.

Hope that helps.
[originally posted on jforum.net by TheSmile]
 
I solved this issue with my SSO mechanism.

I used some URL SSO. Adding a timestamp and encoding the username, timestamp and some other parameters that are bypassed.

On the forum those parameters are encoded again to match the cipher. If it's validated, you can analyse the timestamp to see if, like, more than 5 minutes have passed.

If too much time has passed or if the cipher is invalid for the parameters (or missing), the user will be redirected to a page telling him he was supposed to log in via the given page... and providing a link for the user.

That pretty much limits them a bit.
[originally posted on jforum.net by Sid]
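
The URL-parameter scheme described in the post above, sketched as an added example (not code from the thread or from JForum). The post does not say which algorithm was used, so HMAC-SHA256 over the username and timestamp is an assumption here, and the class name, parameter names and key are hypothetical.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

/** Added illustration: HMAC-signed, time-limited SSO link parameters. All names are hypothetical. */
public class SignedSsoLink {
    static final long MAX_AGE_SECONDS = 300;   // the 5-minute window mentioned in the post

    private final byte[] key;                  // secret shared by the login app and the forum

    SignedSsoLink(byte[] key) { this.key = key.clone(); }

    /** Login app side: tag over username and timestamp; the length prefix keeps field boundaries unambiguous. */
    String sign(String user, long ts) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        String msg = user.length() + ":" + user + "|" + ts;
        byte[] tag = mac.doFinal(msg.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    /** Forum side: returns the username to log in, or null when the caller should redirect to the login page. */
    String verify(String user, String tsParam, String sig, long now) throws Exception {
        if (user == null || tsParam == null || sig == null) return null;    // missing parameters
        long ts;
        try { ts = Long.parseLong(tsParam); } catch (NumberFormatException e) { return null; }
        byte[] expected = sign(user, ts).getBytes(StandardCharsets.US_ASCII);
        byte[] given = sig.getBytes(StandardCharsets.US_ASCII);
        if (!MessageDigest.isEqual(expected, given)) return null;            // constant-time comparison
        long age = now - ts;
        if (age < 0 || age > MAX_AGE_SECONDS) return null;                   // future-dated or stale link
        return user;
    }

    public static void main(String[] args) throws Exception {
        SignedSsoLink sso = new SignedSsoLink("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        long issued = 1_700_000_000L;          // constructed sample timestamp, epoch seconds
        String sig = sso.sign("chris", issued);
        System.out.println("fresh:    " + sso.verify("chris", "" + issued, sig, issued + 60));
        System.out.println("tampered: " + sso.verify("admin", "" + issued, sig, issued + 60));
        System.out.println("expired:  " + sso.verify("chris", "" + issued, sig, issued + 301));
        System.out.println("missing:  " + sso.verify("chris", "" + issued, null, issued + 60));
    }
}
```

A link signed this way stays valid for anyone who obtains it until the window closes, so it belongs on HTTPS only, and the forum should exchange it for its own session immediately rather than keep the parameters in later URLs.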
 