posted 15 years ago
A lot depends on your application needs. In general, if you have a small number of fairly static groups that you need to map to jForum groups, then handling it in the SSO implementation is fine. Just use the existing DAO structure to add the user to the matching jForum group.
One thing to think about is if you want the SSO system to validate group membership with each call. E.g., removing people from jForum groups when they are removed from the overall application group.
Take a look at the admin UserAction.groupsSave method for details on how to do this. Note that you will also have to deal with the SecurityRepository, e.g. removing the user so that it is refreshed with the new info.
On the other hand, if you have a large number of dynamic application groups that you need to map into jForum groups, then you probably want to look at writing your own DAO implimentations. This lets you populate the user and group entity objects with info from your main application mixed with jForum tables.
Be warned that this is not for the faint of heart. There are a lot of little "fiddly bits" that need understood and planned for.
[originally posted on jforum.net by monroe]