Here I have tried to provide an example of how I implemented jforum SSO.
I am not a guru and have no other experience of jforum. This seems to be something people want to do often and can seem a bit confusing at first.
There are some wiki docs and useful threads you can read (jforum search for SSO) but the source code is the most useful documentation at present ;)
-Mark.
what's SSO?
--------------
JForum provides a simple SSO facility which allows jforum to be easily integrated with existing auth[orisation|entication] systems, typically a web-app that already supports user login.
how is SSO implemented
------------------------------
you create a class that implements the SSO interface, which has two methods - one to authenticate the user, and one to check the session is valid; called authenticateUser() and isSessionValid() (funnily enough).
There are also a few properties in the SystemGlobals that need to be changed..
how does JForum SSO work
-----------------------------------
when a user visits Jforum, SSO checks to see if the user is logged in (on your app) using the authenticateUser() method, which simply returns the username. If a username is returned Jforum will check to see if there is a matching jforum userid.
If there is not an existing JForum userid, one is created on the fly. the user is then logged in to jforum.
All the Jforum login/logout/register/password retrieval stuff will be removed from the JForum menus.
If the user is not logged in on your app and tries to access a restricted area on the forum they will be redirected to your app's login page - with a path parameter so you can send the user back to the right forum page once logged in.
SSO manages various use case scenarios, such as user changing id etc, using the isSessionValid() method.
How to get it
--------------
You need 2.1.5 (currently cvs) to use SSO.
How to run it
---------------
my setup is Apache -> mod_jk -> tomcat -> postgres. I run my app on a virtual host, under context '/' and JForum uses '/forum'. I have the tomcat /manager app installed for restarts/redeploys etc. I don't use webapps dir or do any cross-context stuff.
If you use HTTP authentication in your app then the default authenticator net.jforum.sso.RemoteUserSSO.java can be used, but it doesn't automatically pass the user's email/password details (see example below how to do this). There is also a logic bug - the final 'return false' in isSessionValid() should read 'return true' or else you will be creating a new session with every request.
The automatic registration process will work fine without the email and password session parameters, but the user's email address will be sso@user.com. You can change this in the SystemGlobals.
I don't use HTTP auth and so created my own SSO class, net.jforum.sso.AmbrosiaUserSSO.java below, which uses my existing login cookie to authenticate.
Whatever authentication you use, the example below should make things a bit clearer, your mileage may vary.
if you already have a login cookie with the username you're practically finished! - in my case I had to do some kludging with a 'shadow' cookie (JforumSSO) to hold the username as I use email address in my cookie.
My login cookie is always set maxAge -1 (session) unless the user has selected 'keep me logged in' in which case it's a year.
I refresh the JforumSSO cookie automatically in authenticateUser() to prevent the case of forum not being logged in while app is logged in (e.g. if user deletes JforumSSO cookie)
I overloaded the ControllerUtils addCookie() method to accept an expiration parameter (maxAge).
I implemented the add/remove of JforumSSO cookie in my app's login and logout actions.
I wanted the user's email and password in their forum profile so I do a lookup on my user database in the authenticateUser() method. I jar'd up needed classes from my app and placed in the JForum WEB-INF/lib folder.
in net.jforum.view.forum.common.ViewCommon.java update the contextToLogin() method if needed - the redirect is for when un-authenticated users try to access restricted jforum page.
I added an error message and URLencoded the return page cos request parameters were going missing. I also dropped the getContext() guff cos I run my app and jforum on different contexts.
make sure the following SystemGlobals.properties are set correctly:-
authentication.type=sso
# your classname
sso.implementation = net.jforum.sso.MyUserSSO
sso.password.attribute = password
sso.email.attribute = email
# I use full url, you may not need to.
sso.redirect = http://mysite.com/login.jsp
now rebuild and deploy, login to your app, visit forum and look in your profile to check things are working as expected.
handy other things
--------------------------
after registration confirmation myapp sends the user to a welcome post on the forum. This creates the forum account automatically with correct date/time and also makes the user immediately available for receiving Private Messages.
if you provide a simple method for getting the Jforum user's userid from the jforum database, you can present the correct 'my profile' and 'my bookmarks' urls in your main-site menus (the others will work already).
If you want to go further and do things like display recent topics within your app's pages, or do sign-on integration from your app rather than jforum, then there's some excellent code here, written by Time, that's worth looking at.
[originally posted on jforum.net by Anonymuos]
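
Editor's added example, not part of the original post and not JForum code: whatever authenticateUser() returns becomes the logged-in forum account, so a cookie that carries the username, like the JforumSSO shadow cookie described above, should be tamper-evident and expiring. The class name SignedSsoCookie, its methods, the cookie layout and the demo key are assumptions made for illustration; it needs Java 8 or later for java.util.Base64.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper: HMAC-signed value for a username cookie.
public class SignedSsoCookie {
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();

    private static byte[] mac(byte[] key, String data) throws GeneralSecurityException {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(new SecretKeySpec(key, "HmacSHA256"));
        return m.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    // For the main app's login action: value = b64(user).expiry.b64(hmac)
    public static String issue(String username, long expiresEpochSec, byte[] key)
            throws GeneralSecurityException {
        String body = ENC.encodeToString(username.getBytes(StandardCharsets.UTF_8))
                + "." + expiresEpochSec;
        return body + "." + ENC.encodeToString(mac(key, body));
    }

    // For authenticateUser(): returns the username, or null when the value is
    // malformed, altered or expired (null means "not logged in").
    public static String verify(String value, long nowEpochSec, byte[] key) {
        if (value == null) return null;
        String[] p = value.split("\\.", -1);
        if (p.length != 3) return null;
        try {
            byte[] expected = mac(key, p[0] + "." + p[1]);
            // Constant-time MAC check comes first; fields are parsed only after it passes.
            if (!MessageDigest.isEqual(expected, DEC.decode(p[2]))) return null;
            if (Long.parseLong(p[1]) < nowEpochSec) return null;
            return new String(DEC.decode(p[0]), StandardCharsets.UTF_8);
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return null; // bad base64, bad number or MAC setup failure
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key; a real one is a random secret loaded from config.
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
        String c = issue("mark", 2000L, key);
        System.out.println(verify(c, 1000L, key));                             // untouched cookie
        System.out.println(verify(c.replace(".2000.", ".9999."), 1000L, key)); // expiry edited after signing
        System.out.println(verify(c, 3000L, key));                             // past its expiry
    }
}
```

The same secret key has to be available to both web-apps (the one that issues the cookie and the JForum context that verifies it) and kept out of the source tree.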