This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes JForum and the fly likes Enable SSO and keep user registration active Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Products » JForum
Bookmark "Enable SSO and keep user registration active" Watch "Enable SSO and keep user registration active" New topic
Author

Enable SSO and keep user registration active

Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
I have integrated CAS with JForum using Acegi Security. Unfortunately, it looks like I need to have the user registered in the JForum database (so that user permissions get passed to CAS) with the way I have things set up. I am currently doing a http post of the user data from my own registration page to the JForum API which then registers the user in the JForum database. The problem is that when I set JForum to use SSO the user registration is disabled and so my post fails. So, is there a simple way to enable SSO but not have it disable the registration page?

Failing a simple solution, I think I would be looking towards editing the source code that prevents user registration when SSO is enabled. Can anyone point me in the direction of the part in the API that handles user registration? I had a quick 20 minute look but couldn't find it.

If I am doing this the wrong way then I would be happy to learn the alternatives.
[originally posted on jforum.net by klogger]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
It is the file UserAction.java, method insertSave(). However, SSO already registeres the user when he first logs in in JForum. In other words, when you enable SSO and the user who's landing on the forum does not exist in jforum_users yet, JForum will automatically create it and associate with the sso user.

Rafael
[originally posted on jforum.net by Rafael Steil]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Hi Rafael,

Thanks for the answer.

I do actually have my set up working now but it involves a couple of extra Java classes so if I am doing it wrong then I don't mind eliminating them.

I may have my understanding backwards for Acegi and CAS but I was under the impression that:

1) A user requests a page that first requires authentication and Acegi Security (which is acting as the CAS client for JForum) redirects to the CAS login page;
2) The user logs into CAS and is sent back to Acegi Security;
3) Acegi Security now checks in the JForum database to see if the user who logged into CAS has a login in the JForum database in order so that it can check their permissions;
4) If the resource the user originally requested is allowed based upon both URL and permissions (as defined in the acegi-security.xml) then Acegi Security allows access to the requested page.

I am not sure, at least in the way I have things set up, that JForum even gets a look in until the user is already authenticated and at the page that required the log in.


[originally posted on jforum.net by klogger]
 
jQuery in Action, 2nd edition
 
subject: Enable SSO and keep user registration active
 
Similar Threads
CAS + SSO
SSO in a Spring Application
Using JForum SSO - a kludger's tale
SSO one more time ;-)
SSO /redirect / anonymous users