• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Problem with my SSO Implementation

 
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi,

I try to implement my own SSO Implementation for jForum. But it seems that I did not understand the sso mechanism from jform.

In the Method "authenticateUser(RequestContext request)"
I first check if a remote user is available



if not (sUser==null) then I redirect the user to an external site



My externalapplication authenticates the user and set application specific cookies with username and email.

But when I return the user to the jforum site the user is now known as Anonymous and I can not change the username in the method :

isSessionValid(UserSession userSession,RequestContext request)

I am able to read my cookie data, but I am unable to swich the userName.
The method authenticateUser will never be called again :-(

also I have set the global system param



but nothing will happen.
Can anybody help how to avoid an anonymous user session?
Is there any public CookieSSO Implementation?

Thanks for help
Ralph
[originally posted on jforum.net by rsoika]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The remoteuser that you try to read only is available when you use application based authentication - that is, if your webserver prompts the user with the "basic authentication" screen (some popup that asks you to enter username/password).

If you write cookies for authenticating the user, you should maybe try to read in the cookie that may be on the users' system .

Also, the reason for why the authenticate mehtod is not called again is due to the isSessionValid method. If this method returns that the user has not changed ever since the call to the authenticate method, the authenticate method will not be invoked again.

Please check monroe's bookmarks or search the forum for cookiesso. There is some neat implementations by monroe there... which also allow to add the user to specific groups etc :-)
[originally posted on jforum.net by Sid]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for your answer.
I now changed the complete auth process and switched to OpenID authentication.
My SSO Implementation now completes the username by using an JNDI Lookup to my EJB Module from my main application. This works perfect! Thanks.

The OpenID Implementation I use is based on JSF196
http://blogs.sun.com/enterprisetechtips/entry/adding_authentication_mechanisms_to_the

[originally posted on jforum.net by rsoika]
 
reply
    Bookmark Topic Watch Topic
  • New Topic