Newbie SSO help

 
Hi guys,

I just installed JForum and got it to work just fine. BUT, since I want it to be part of another website I need to have SSO working.

I don't know much about cookies so I decided to go for the RemoteUserSSO. Thus, in my /SomeApp/login.jsp I set:


But when I log in and click the link to /JForum it always logs me in as Anonymous.

Can someone help?

THANKS!!!
[originally posted on jforum.net by cope]
 
Migrated From Jforum.net
Anyone???
[originally posted on jforum.net by cope]
 
Migrated From Jforum.net
Did you try doing a search of this forum? There are many posts about this subject ...
[originally posted on jforum.net by GatorBait3]
 
Migrated From Jforum.net
Believe it or not, yes I did...

IMHO, this SSO shouldn't be this hard...
[originally posted on jforum.net by cope]
 
Migrated From Jforum.net
There are a couple of major flaws in your methodology...

First, I assume that your app is running in a different webapp than jForum. If so, then the session object for your app is totally separate from jForum's session object. Setting attributes in one will not "magically" make them appear in another.

Second, the RemoteUserSSO code is based on the J2EE standard implementation of how to deal with the HTTP CGI server standard for authentication. I.e., if your web server has authentication (e.g. Apache .htaccess files), it will set a Remote_User environmental variable to the authenticated user id.

With J2EE, this variable is available in two places. First, as the env. var. and second via a generic user "Principal" object that can be obtained from the request object. The RemoteUserSSO checks for the Principal method and uses this to create a matching jForum user / set authentication.

This is useful when the web server is handling authentication. One common case is using the JSP web.xml security criteria tags with Tomcat's built-in "Realm" and Single Sign On mechanisms.

So, even if the session attributes were available, the RemoteUserSSO code knows nothing about them and will do nothing with them.

That said, check my bookmarks for several of the better SSO threads.

Also, just curious, do you have an example of an application that makes SSO easy + very flexible in the diverse application centric authentication landscape the world is made of? Always nice to see what others have done with this problem.
[originally posted on jforum.net by monroe]
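
The difference between a per-webapp session attribute and the container-supplied remote user, described in the reply above, can be observed with a small diagnostic servlet. This is an added example, not part of the original thread and not JForum code; the class name, the `/whoami` mapping and the `loggedInUser` attribute name are assumptions standing in for whatever the login page actually stores.

```java
// Added diagnostic example (not JForum code). Deploy a copy in each webapp,
// map it to /whoami in that webapp's web.xml, log in, then request it in both.
import java.io.IOException;
import java.io.PrintWriter;
import java.security.Principal;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class WhoAmIServlet extends HttpServlet {
    // Hypothetical attribute name: replace with the key your login page sets.
    static final String APP_SESSION_KEY = "loggedInUser";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        resp.setContentType("text/plain;charset=UTF-8");
        PrintWriter out = resp.getWriter();

        // Container-managed identity: the value a remote-user based SSO relies on.
        Principal principal = req.getUserPrincipal();
        String remoteUser = req.getRemoteUser();
        out.println("context path      : " + req.getContextPath());
        out.println("getRemoteUser()   : " + remoteUser);
        out.println("getUserPrincipal(): " + (principal == null ? null : principal.getName()));
        out.println("getAuthType()     : " + req.getAuthType());

        // Application-managed state: scoped to this webapp's own session only.
        HttpSession session = req.getSession(false); // do not create a session as a side effect
        Object appUser = (session == null) ? null : session.getAttribute(APP_SESSION_KEY);
        out.println("session present   : " + (session != null));
        out.println("session attribute : " + appUser);

        if (remoteUser == null && appUser != null) {
            out.println("=> the login exists only in this webapp's session; "
                    + "another webapp cannot see it and getRemoteUser() stays null");
        } else if (remoteUser == null) {
            out.println("=> no container authentication on this request; "
                    + "a remote-user based SSO has nothing to map to a user");
        } else {
            out.println("=> the container authenticated this request as " + remoteUser);
        }
    }
}
```

If `getRemoteUser()` is `null` in the forum's webapp after logging in elsewhere, the login was done by the application rather than by the container, which matches the Anonymous result reported in the first post.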
 