wood burning stoves 2.0*
The moose likes JForum and the fly likes Single sign-on Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » JForum
Bookmark "Single sign-on" Watch "Single sign-on" New topic
Author

Single sign-on

Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
There are hints that the new JForum 2.1 can do single sign-on. If so, that would be wonderful.

How?

(I'm using Tomcat with auth-method BASIC or FORM).

(Perhaps this is a FAQ?)

Cheers,
Per

[originally posted on jforum.net by per]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
The is a interface, net.jforum.drivers.external.LoginAuthenticator which you can implement to use your own authentication method. Probably it will not be exactly what you want, so you will need to tell me how do you expect it to be / what improvements to made, so then we can make it better for future versions.

Rafael
[originally posted on jforum.net by Rafael Steil]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Here's how I think a simple and basic method for SSO (single sign-on) can be implemented.

First, this should of course be configurable, perhaps at install time. (configuration is kept in e.g. SystemGlobals.properties). Several different SSO metods can then be implemented, as requests come in from different users/integratrors. A vanilla SSO method should be provided in the first version.

When an SSO method is in effect, there's no need to look in JForum's own user database. In fact, it should then be totally ignored for authentication. (And setting a password should be disabled, of course).

Here's a rough implementation for a vanilla SSO method. Hope that you see the general idea:

The vanilla SSO method should simply call request.getRemoteUser() to get the logged-in username. That's it!

Perhaps it can also use isUserInRole("admin") to see if it is an administrator, I dunno...

Hope this helps!
Per


[originally posted on jforum.net by per]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Well, it is already configurable. Just make your own implementation of net.jforum.drivers.external.LoginAuthenticator and register it in SystemGlobals.properties, key "login.authenticator"

Rafael
[originally posted on jforum.net by Rafael Steil]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
OK, but when is the LoginAuthenticator instantiated, and when are its methods setUserModel() and validateLogin() called?

If validateLogin() is called when the login' button is clicked, then that's too late. In fact, if JForum uses the vanilla SSO scheme, there should be no 'login' button at all. The user is already logged in by another web application. All JForum should do is to check if it's a new user and add the user to its own user database.

I have no idea how to implement that given the current design of LoginAuthenticator. Perhaps it's just a matter of adding documentation, but I fear that this requires some redesign...?

Cheers!
Per

[originally posted on jforum.net by per]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
So, that's "redesing" idea I want to hear from you. You can go ahead into jforum's source code and suggest architectural changes.

If you want, add me to your icq or msn contact list, if you want / have.

Rafael
[originally posted on jforum.net by Rafael Steil]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Single sign-on
 
Similar Threads
Servlet communication between different applications
Single Sign On
Single Sign On
single sign-on
JBOSS session sharing issue