This week's book giveaway is in the Spring forum.
We're giving away four copies of Pro Spring MVC with WebFlux: Web Development in Spring Framework 5 and Spring Boot 2 and have Marten Deinum & Iuliana Cosmina on-line!
See this thread for details.
Win a copy of Pro Spring MVC with WebFlux: Web Development in Spring Framework 5 and Spring Boot 2 this week in the Spring forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Jeanne Boyarsky
  • Liutauras Vilda
Sheriffs:
  • Rob Spoor
  • Bear Bibeault
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Piet Souris
Bartenders:
  • Frits Walraven
  • Himai Minh

Why is user able to change password after SSO

 
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
With all available documentation I was able to set SSO using a JforumSSO cookie having username.

However, after SSO from existing application, when user is directed to jforum there is a option to edit profile. Edit profile offers ability to change password and email address which were actually populated existing application.

This results in mis-match between email and password data between my existing application and integration of forum becomes futile.

Any help would help..

Thanks..
MJ
[originally posted on jforum.net by sf_techie]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks...that helps.

It's been three days since I started working with JForum. I should share my kudos to the active team.
[originally posted on jforum.net by sf_techie]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
FWIW, the SSO mechanism is a security thing. User management is not part of it. Since this tends to be highly specific to each situation, it's up to the implimentors to deals with it as needed.

That said, the easy solution is to edit the template files to meet your needs.
One option is to simply remove the My Profile link.

A more common approach is to change the profile form to disable/hide the items you don't want to uses to change. FWIW, the user_form.htm is the template for the latter option.

Generalized code contributions to improve stuff is always welcome.
[originally posted on jforum.net by monroe]
 
Try 100 things. 2 will work out, but you will never know in advance which 2. This tiny ad might be one:
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
reply
    Bookmark Topic Watch Topic
  • New Topic