wood burning stoves 2.0*
The moose likes JForum and the fly likes Why is user able to change password after SSO Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCA/OCP Java SE 7 Programmer I & II Study Guide this week in the OCPJP forum!
JavaRanch » Java Forums » Products » JForum
Bookmark "Why is user able to change password after SSO" Watch "Why is user able to change password after SSO" New topic
Author

Why is user able to change password after SSO

Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
With all available documentation I was able to set SSO using a JforumSSO cookie having username.

However, after SSO from existing application, when user is directed to jforum there is a option to edit profile. Edit profile offers ability to change password and email address which were actually populated existing application.

This results in mis-match between email and password data between my existing application and integration of forum becomes futile.

Any help would help..

Thanks..
MJ
[originally posted on jforum.net by sf_techie]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Thanks...that helps.

It's been three days since I started working with JForum. I should share my kudos to the active team.
[originally posted on jforum.net by sf_techie]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
FWIW, the SSO mechanism is a security thing. User management is not part of it. Since this tends to be highly specific to each situation, it's up to the implimentors to deals with it as needed.

That said, the easy solution is to edit the template files to meet your needs.
One option is to simply remove the My Profile link.

A more common approach is to change the profile form to disable/hide the items you don't want to uses to change. FWIW, the user_form.htm is the template for the latter option.

Generalized code contributions to improve stuff is always welcome.
[originally posted on jforum.net by monroe]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Why is user able to change password after SSO