This week's book giveaway is in the Agile forum.
We're giving away four copies of Fixing your Scrum and have Ryan Ripley & Todd Miller on-line!
See this thread for details.
Win a copy of Fixing your Scrum this week in the Agile forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Rob Spoor
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • Junilu Lacar
  • Tim Cooke
Saloon Keepers:
  • Tim Holloway
  • Piet Souris
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
Bartenders:
  • Frits Walraven
  • Himai Minh

SSO integration

 
Greenhorn
Posts: 3
Google Web Toolkit IntelliJ IDE Chrome
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I've been struggling with integrating JForum into my webapp in the context of SSO.

I understand the different SSO implementations listed in the codebase and in this wiki (e.g.https://coderanch.com/t/577843/jforum/RemoteSSO#2628860). However, I'm still left with a couple of open questions:

1 - The two attributes configured by sso.email.attribute and sso.password.attribute in systemGlobals (which are used by JForum to update the user info if the user doesn't exist)
i. why does JForum need to store the password of a user that's being managed outside of JForum (SSO)
ii. does it have any effect on the functionality if I decide to use 'default user email' == sso@user string instead of supplying the email as a session attribute
iii. does it have any effect on the functionality if I decide to use 'default password' == sso string instead of supplying the password as a session attribute

2 - Using SSO to set group permissions to users
i. I saw a couple of implementations which assign the groups to the newly created user in the 'authenticate' method, is that the best practice to do that ? what if the user has changed group in the original application while already signed in to JForum, I guess that for this to work I need also to check group assignment in 'isSessionValid function right ?


To whom it may concern (Rafael probably :-)) two enhancement requests that I can think of with the SSO integration is:

1 - Expose in SSO interface specific API to assign user to group so that it won't look like a hack within authenticate method...
2 - drop the two session attributes and instead expose in SSO interface specific API to get email and password while supplying the request, in my case I store an Object on the session and the integration with JForum forces me to store also the two strings email and password on the session, this affects the session that's accessible all over my webapp... JForum doesn't need to force me storing the user details in a specific manner on the session, all it needs is to ask me to extract it for him from the request...

your help on this is appreciated,

thanks,
Me.
 
Then YOU must do the pig's work! Read this tiny ad. READ IT!
the value of filler advertising in 2021
https://coderanch.com/t/730886/filler-advertising
reply
    Bookmark Topic Watch Topic
  • New Topic