On JForum Documentation --> Configuring JForum Single Sign-On section there are following statements
rum uses an SSO interface which provides two methods, authenticateUser() and isSessionValid().
* when a user visits JForum, SSO calls the authenticateUser() method, which simply returns the username or null.
* if a username is returned JForum will check to see if there is a matching JForum userid.
* if a matching JForum userid is not found, one is created on the fly.
* the user is then logged in to JForum.
* if null was returned the user will be set as 'Anonymous'.
* if an 'Anonymous' user attempts to access a restricted area on the forum they will be redirected to your login page, with a return path parameter to send the user to the correct forum page once logged in.
My question is I can understand that "when user visits JForum, SSO calls the authenticateUser() method which simply returns the username or null", but
SSO calls on WHO? which object? if it is a database store object or whatever, how can I insert the userName in there?
The best way to fully understand this is to look at the checkSSO code in the ControllerUtils and the SSOUtils methods. Also look at the SSO implimentations that are supplied with the code.
FWIW, the authenticateUser method can also be used to create jForum user table entries, prior to the check to see if it exists. So, if you have a way to look up more information about a user, you can duplicate the SSOUtils register method in your SSO code to save a jForum user with more information. [originally posted on jforum.net by monroe]
thanks for the answer, but we might not need to integrate the project in the source code level.
my problem is that we have a existing website, and it has User Registration function already.
and we have our User Table as well. Can we let the SSO get the userName and password from
this existing User Table?? Many thanks
You have to understand that with user integration there are actually three main areas:
1) User Authentication (UA) - Is this user a valid user or not?
2) User Information (UI) - What is the user's real name, e-mail, signature, avatar, and the like.
3) User Access Rights (UAR) - What groups does the User belong too.
In order for jForum's built in security to work (UAR), there needs to be an entry in the jForum users table. Also, for the forums to display info about the poster (UI), there also needs to be a user database entry.
With the default SSO, the design is oriented to managing UA only. jForum UI is different from the authentication source UI. Each has it's own ways that users can change this.
However, most sites don't want to have two places for people to manage their UI. So, some decisions have to be made about how to do this. The easiest, IMHO, is to use the authenticate user method to map and synchronize data between the two UI sources. E.g., decide which information is managed where.
In the case of another "UI" db table, this means you need to have an SSO implementation that not only verify who the user is, but also maps your user DB entry to jForum's user entry and synchronized the data by either creating a new entry or updating an existing one.
FWIW, the quick way to keep people from updating things in jForum that need to be updated in your application is to modify the profile template and remove the fields you don't want them to update.
To be complete, there is another option that jForum supplies for UA. If you don't want SSO, i.e. people log in to your app with your login screen and to jForum using jForum's login screens, you can use the LoginAuthenticator interface. This gets called by the jForum login screens. You'll still need to figure out your UI strategy for this, too.
but still want shared UA [originally posted on jforum.net by monroe]
dear monroe , thanks a lot for well explained information.
to sum up what you said:
in order to make UA and UI working I need do the following
1> making SSO working
2> make my own implementation of SSO
3> within the new implementation, do the mapping between my existing DB and jforum's DB
4>everytime new user registered using or existing registration form, the same userName/Password/email
needs to be inserted into both existingDB and jforum'sDB?? so the new user could be recongnized and
Again thank you so much for your time monroe!! [originally posted on jforum.net by shanyangqu]
What is that? Is that a mongol hoarde? Can we fend them off with this tiny ad?
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop