• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

A problem when using a cookie for SSO

 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm using JForum 2.1.8, and integrated it into my web application. I use cookie for SSO. I define cookie properties in SystemGlogbal file as follows:
cookie.name.data = jforumUserId
cookie.name.user = JforumScreenName
cookie.name.autologin = jforumAutoLogin
cookie.name.userHash = jforumUserHash
cookie.name.uid = JforumUID

cookie.name.loggedin = JforumLoggedIn
cookie.name.screenname = JforumScreenName
cookie.name.email = JforumEmail
cookie.name.lang = JforumLang
cookie.name.role = JforumRole

When I login my main web application, I open the cookie and can see the cookie has these properties and the values are correct. However, when I go to JForum and post message, the user is always "Anonymous". When I use admin account of my main web application to login, and then go to JForum, it throws an error:"Registration of new users is disabled."

What's problem with this issue? How to resolve it?

Thanks a lot!

Collin
[originally posted on jforum.net by collin_chu]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Can you explain more about what you mean about "Cookies" for SSO?

Only a few of the config file parameters you list are jforum parameters.. and AFAIK these just change the names of the cookies that jForum uses/looks for.

Do you have your own jForum SSO implimentation defined? Or are you trying to set the cookies in your application and calling jForum? Are they on the same machines or different ones (cookies may not be sent to different domains or hosts...). Do you have auto login enabled as well.

[originally posted on jforum.net by monroe]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Has found the reason. It is caused by the main application. When the main application creates the cookie, it doesn't hash one parameter's value, but in CookieUserSSO.java of JForum, we hash this value, then these two values cannot match.
[originally posted on jforum.net by collin_chu]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What was your solution? I am a similar problem when I turned on the sso implementation for login. I can no longer insert new users through the ACP. The register new users tag is set to TRUE in the configuration as well.
[originally posted on jforum.net by bh67kph]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Having SSO enabled means that your main application will be handling the creation of users and not jforum. The SSO process will create jforum user entries as valid users connect. So, when you have SSO enabled, user creation is disable for everyone, including the admin.
[originally posted on jforum.net by monroe]
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic