Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Why is user able to change password after SSO

 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
With all available documentation I was able to set SSO using a JforumSSO cookie having username.

However, after SSO from existing application, when user is directed to jforum there is a option to edit profile. Edit profile offers ability to change password and email address which were actually populated existing application.

This results in mis-match between email and password data between my existing application and integration of forum becomes futile.

Any help would help..

Thanks..
MJ
[originally posted on jforum.net by sf_techie]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks...that helps.

It's been three days since I started working with JForum. I should share my kudos to the active team.
[originally posted on jforum.net by sf_techie]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
FWIW, the SSO mechanism is a security thing. User management is not part of it. Since this tends to be highly specific to each situation, it's up to the implimentors to deals with it as needed.

That said, the easy solution is to edit the template files to meet your needs.
One option is to simply remove the My Profile link.

A more common approach is to change the profile form to disable/hide the items you don't want to uses to change. FWIW, the user_form.htm is the template for the latter option.

Generalized code contributions to improve stuff is always welcome.
[originally posted on jforum.net by monroe]
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic