
SSO question

 
It seems as if the property
sso.implementation=net.jforum.sso.CookieUserSSO

refers to a class which doesn't exist, net.jforum.sso.CookieUserSSO is nowhere to be found in the JForum package. Can this have something to do with it?
[originally posted on jforum.net by bubblare]
 
Migrated From Jforum.net
So if I've understood it correctly, I have to provide the CookieUserSSO myself. Here's my #authenticateUser method



As you can see I am not using any external classes, only standard java libraries and JForum classes. I do not have access to any DaoManagers or entity classes from the project I am implementing JForum in - is it still possible to use the SSO?
[originally posted on jforum.net by bubblare]
 
When using SSO, does a user who is logged in from another context get his/her display name shown in JForum as well? I currently have SSO enabled but as soon as I use JForum it says that I am logged in as "anonymous". Also, will the logged in username be shown under "Who is online" in JForum when using the SSO cookie?

My current login.jsp cookie creation code looks like this:

and SystemGlobals.properties


Is there anything I have forgotten to set here to get basic cookie based SSO working?

Thanks!
[originally posted on jforum.net by bubblare]
 
Okay so I rewrote some of my SSO implementation class, it seems as if the Wiki entry example code is deprecated and doesn't play well with the latest version of JForum. Here's the new SSO implementation class CookieUserSSO.java

Still no luck in getting it to work though




[originally posted on jforum.net by bubblare]
 
Great, one step closer to getting JForum to work - now I'm receiving the exception..



I have gone through 3 versions of the Connector/J driver by now, but to no avail (the local JForum version, an older version, and the latest Connector/J version).


[originally posted on jforum.net by bubblare]
 
It seems as if when I add the following property



ConfigLoader#loadDaoImplementation throws this exception.


[originally posted on jforum.net by bubblare]
 
Great, now it finds my cookie because I set the
cookie.name.data = JforumSSO (instead of sso.cookie.name which is in the documentation).

But I am still logged in as anonymous, even though ControllerUtils finds my Cookie!

Any ideas?
[originally posted on jforum.net by bubblare]
 
Ok, it finds your cookie, but it detects you as a valid user?

Rafael
[originally posted on jforum.net by Rafael Steil]
 
I don't know which method checks for valid users Rafael, but what really throws me off is the following if statement in ControllerUtils#checkAutoLogin(UserSession userSession)



Why would it check for all three cookie types (cookie, hashCookie and autoLoginCookie) ?? In the documentation it clearly says that you only have to rename sso.cookie.data which I set to JforumSSO.
It says nothing about setting cookie.name.autologin and cookie.name.userHash.

[originally posted on jforum.net by bubblare]
 
Here is a working modified version of the cookie sso example: https://coderanch.com/t/576580 .
To get it working I only modified the example login object; no issues with parameters in SystemGlobals.properties encountered.

I had a cookie-related issue too (can't find/load cookie created by the "main" app in the SSO pool), but I solved it simply by forcing the "/jforum/" path on the cookie on creation (as far as I can remember, the request doesn't contain cookies with a path above the current directory).

bubblare wrote:I don't know which method checks for valid users Rafael, but what really throws me off is the following if statement in ControllerUtils#checkAutoLogin(UserSession userSession)



public boolean isSessionValid(UserSession userSession, HttpServletRequest request) ;


[originally posted on jforum.net by Jules]
 
I think I've found the problem, and it's in

ControllerUtils#refreshSession()

The method starts with


If the UserSession object is null JForum will never look up the SSO implementation, and my UserSession object is always null since I can't share sessions in between applications (my own application and JForum).
Hopefully I can code my way around this.

I read through your code and got some pointers Jules, thanks!

[originally posted on jforum.net by bubblare]
 
Hi,
I am following the instructions in http://www.jforum.net/doc/SSOcookies to set up the log on to use cookie for SSO. However, after setting up
sso.implementation=net.jforum.sso.CookieUserSSO in SystemGlobals.properties I am getting a ClassNotFoundException on CookieUserSSO. I understand that I DO NOT have to write it myself, since I am NOT following "Implementing your own SSO class". So is that an error?

Any help would be appreciated

[originally posted on jforum.net by shlomo]
 
There is a mistake in the documentation. JForum does not provide such an implementation.

I upgraded the docs to clarify this.

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Dear forum members!

I'm just struggling with the integration of Jforum with my JSP application.

As far as I see I'm currently in a similar situation like Bubblare was in last December: I have some SSO implementation* which seems to do something (or at least it doesn't throw any exception), but finally I'm logged in as anonymous and no new user account is created in the Jforum database.

I'd like to ask whether you Bubblare or anybody else succeeded to set up a working SSO integration.

* Unfortunately I can't program in Java, however I tried to set up an SSO implementation based on the given examples and forum postings. Instead of cookies I try to pass the username to Jforum in a request parameter.

The source package I work with is 2.1.7b3. Here is my SSO code (based on RemoteUserSSO):


So if anybody of you has a really working SSO example, could you please share it?

Thank you in advance!

[originally posted on jforum.net by azimut]
 
In general, there is no standard for Single Sign On, so there is no "one size fits all" / no coding involved solution.

The closest thing to a "standard" is probably the HTTP server standard of the REMOTE_USER environment variable. (which the RemoteUserSSO class uses). This assumes that your web server will handle authentication and pass on the validated user id as the REMOTE_USER environment variable. However, this is considered by many to be an unsecure way of doing things.

So this means that there are a lot of different ways that are used to do SSO/track user validation and not of them are exactly the same.

[originally posted on jforum.net by monroe]
 
Hi,
I'm struggling to get SSO to work as well. The sample implementation on the web site seems to be outdated for JForum v2.1.7.

http://www.jforum.net/doc/ImplementSSO.

Assuming that the web server will handle authentication and pass on the user info in a cookie. Could you provide sample (fragment) code to demonstrate how to implement my own SSO class (with v2.1.7) where it will assign the correct screen name and email address for the sign in user?

many thanks!
Terry


package net.jforum.sso;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.servlet.http.Cookie;

import net.jforum.ActionServletRequest;
import net.jforum.ControllerUtils;
import net.jforum.entities.UserSession;
import net.jforum.util.preferences.ConfigKeys;
import net.jforum.util.preferences.SystemGlobals;
import net.jforum.JForum;

// Import any other class you may need

import org.apache.log4j.Logger; // I use log4j

public class MyUserSSO implements SSO { // you must implement net.jforum.sso.SSO

    static final Logger logger = Logger.getLogger(MyUserSSO.class.getName()); // init logging

    public String authenticateUser(ActionServletRequest request) { // required method
        UserVO user = new UserVO();
        Cookie myCookie = ControllerUtils.getCookie("auto-login"); // my app login cookie

        if (myCookie != null) {
            DAOManager manager = new JndiDAOManager(); // my apps database
            UserDAO userDAO = manager.getUserDAO(manager.getConnection());
            user = userDAO.getUser(HexTool.hexToString(myCookie.getValue()));
            manager.close();
        } else {
            return null; // no cookie found
        }

        if (user.isDisabled()) {
            logger.warn("***DISABLED_ATTEMPT on Forum: " + user.getUsername()); // log disabled attempt.
            return null;
        }

        HttpSession session = JForum.getRequest().getSession();
        session.setAttribute("password", user.getPassword()); // set correct password
        session.setAttribute("email", user.getUsername()); // and email address (my username)
        ControllerUtils.addCookie("JforumSSO", user.getScreenName(), myCookie.getMaxAge()); // refresh

        return user.getScreenName(); // jforum username
    }
...





monroe wrote:In general, there is no standard for Single Sign On, so there is no "one size fits all" / no coding involved solution.

The closest thing to a "standard" is probably the HTTP server standard of the REMOTE_USER environment variable. (which the RemoteUserSSO class uses). This assumes that your web server will handle authentication and pass on the validated user id as the REMOTE_USER environment variable. However, this is considered by many to be an unsecure way of doing things.

So this means that there are a lot of different ways that are used to do SSO/track user validation and not of them are exactly the same.


[originally posted on jforum.net by tcheung]
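
An added example, not part of the original thread and not JForum code: the sample class in this thread takes the user's identity from whatever the login cookie contains, so the forum needs a way to confirm that the main application issued the value. The sketch below signs the cookie value with an HMAC key shared by the two applications; the class name SignedSsoCookie, the value format and the demo key are assumptions, and calling verify() from an SSO class's authenticateUser is left to the integrator.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Hypothetical helper (not a JForum class): the main application calls issue() when it
// sets the SSO cookie; the forum-side SSO class calls verify() before trusting the name.
public class SignedSsoCookie {
    private final byte[] key; // secret shared by both web applications
    public SignedSsoCookie(byte[] key) { this.key = key.clone(); }

    private static String b64(byte[] raw) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }
    private byte[] mac(String payload) throws Exception {
        Mac hmac = Mac.getInstance("HmacSHA256");
        hmac.init(new SecretKeySpec(key, "HmacSHA256"));
        return hmac.doFinal(payload.getBytes(StandardCharsets.UTF_8));
    }

    // Cookie value: base64url(username) "." expiryEpochSeconds "." base64url(HMAC)
    public String issue(String username, long expiresAt) throws Exception {
        String payload = b64(username.getBytes(StandardCharsets.UTF_8)) + "." + expiresAt;
        return payload + "." + b64(mac(payload));
    }

    // Returns the username, or null when the value is missing, malformed, altered or expired.
    public String verify(String cookieValue, long now) throws Exception {
        String[] parts = cookieValue == null ? new String[0] : cookieValue.split("\\.");
        if (parts.length != 3) return null;
        try {
            byte[] given = Base64.getUrlDecoder().decode(parts[2]);
            byte[] expected = mac(parts[0] + "." + parts[1]);
            if (!MessageDigest.isEqual(expected, given)) return null; // constant-time compare
            if (Long.parseLong(parts[1]) < now) return null;          // expiry is covered by the MAC
            return new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) { // bad base64 or non-numeric expiry
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] demoKey = "constructed-demo-key".getBytes(StandardCharsets.UTF_8); // constructed
        SignedSsoCookie sso = new SignedSsoCookie(demoKey);
        long now = System.currentTimeMillis() / 1000;
        String value = sso.issue("alice", now + 3600);      // constructed sample user
        System.out.println(sso.verify(value, now));         // untampered value
        System.out.println(sso.verify("x" + value, now));   // payload altered after signing
        System.out.println(sso.verify(value, now + 7200));  // checked after the expiry time
    }
}
```

The MAC is checked before the payload is decoded or the expiry parsed, so nothing in an unauthenticated cookie is interpreted.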
 