• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Why is user able to change password after SSO

 
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
With all available documentation I was able to set SSO using a JforumSSO cookie having username.

However, after SSO from existing application, when user is directed to jforum there is a option to edit profile. Edit profile offers ability to change password and email address which were actually populated existing application.

This results in mis-match between email and password data between my existing application and integration of forum becomes futile.

Any help would help..

Thanks..
MJ
[originally posted on jforum.net by sf_techie]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks...that helps.

It's been three days since I started working with JForum. I should share my kudos to the active team.
[originally posted on jforum.net by sf_techie]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
FWIW, the SSO mechanism is a security thing. User management is not part of it. Since this tends to be highly specific to each situation, it's up to the implimentors to deals with it as needed.

That said, the easy solution is to edit the template files to meet your needs.
One option is to simply remove the My Profile link.

A more common approach is to change the profile form to disable/hide the items you don't want to uses to change. FWIW, the user_form.htm is the template for the latter option.

Generalized code contributions to improve stuff is always welcome.
[originally posted on jforum.net by monroe]
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic