What you want can be done because I've done it integrating jForum with our application. More details below:
Can SSO associate a newly created user with a runtime associated group?
A lot depends on how you're users and groups are defined, etc. But the basic answer is yes, with some coding. Mapping user info with jForum user info is fairly straight forward.
Mapping groups depends on how "tightly" you want them integrated and what your specific needs are. For example, it's easy to say: If an SSO user does not exist in jForum, then create a matching user and based on the current state of that users remote groups, add them to matching jForum groups.
But if you want tighter integration that allows jForum to know when the SSO users' groups/info changes, you will need to delve into the various User and Group DAO implimentations and do your own linkage. How hard this is depends on how good you are at mucking about in other folks code.
Can the forum/user be allocated a style sheet?
The easiest way to link a forum into an existing "site" is to use an iframe to display just the forum listing info and wrap it with your sites "style". It's easy to edit the jForum templates to eliminate the navigation you don't want, set the general style to a neutral tone that will fit with most sites.
The next possibility is to modify the templates and calling actions to include enough info to determine which style sheet to include in the template header.
What is not possible now, but will be in the future, is to specify a different set of template files on a per category/forum level.
Is it possible to have users of one forum be completely unaware of the existence of another forum on the JForum installation?
Yes, and the security model also supports this. However, the admin functions currently are not very user friendly for maintaining forum level security (everything is done by groups). It's possible it just takes some forethought and admins that understand exactly what they are doing.
Can the users be denied access to SSO defined settings (such as username/password/style sheet?
The quick way to do this is to edit the templates and remove any navigational links you don't want them to see. If you are tightly integrated with your own DAO stuff, it's possible just to throw exceptions on the "add" or "update" functions and force admins and users who find the back doors to use the main application's function.
How easy this is depends a lot on your specific application security layout and how good your
Java skills are.
[originally posted on jforum.net by monroe]