aspose file tools*
The moose likes JForum and the fly likes A problem when using a cookie for SSO Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Products » JForum
Bookmark "A problem when using a cookie for SSO" Watch "A problem when using a cookie for SSO" New topic
Author

A problem when using a cookie for SSO

Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
I'm using JForum 2.1.8, and integrated it into my web application. I use cookie for SSO. I define cookie properties in SystemGlogbal file as follows:
cookie.name.data = jforumUserId
cookie.name.user = JforumScreenName
cookie.name.autologin = jforumAutoLogin
cookie.name.userHash = jforumUserHash
cookie.name.uid = JforumUID

cookie.name.loggedin = JforumLoggedIn
cookie.name.screenname = JforumScreenName
cookie.name.email = JforumEmail
cookie.name.lang = JforumLang
cookie.name.role = JforumRole

When I login my main web application, I open the cookie and can see the cookie has these properties and the values are correct. However, when I go to JForum and post message, the user is always "Anonymous". When I use admin account of my main web application to login, and then go to JForum, it throws an error:"Registration of new users is disabled."

What's problem with this issue? How to resolve it?

Thanks a lot!

Collin
[originally posted on jforum.net by collin_chu]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Can you explain more about what you mean about "Cookies" for SSO?

Only a few of the config file parameters you list are jforum parameters.. and AFAIK these just change the names of the cookies that jForum uses/looks for.

Do you have your own jForum SSO implimentation defined? Or are you trying to set the cookies in your application and calling jForum? Are they on the same machines or different ones (cookies may not be sent to different domains or hosts...). Do you have auto login enabled as well.

[originally posted on jforum.net by monroe]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Has found the reason. It is caused by the main application. When the main application creates the cookie, it doesn't hash one parameter's value, but in CookieUserSSO.java of JForum, we hash this value, then these two values cannot match.
[originally posted on jforum.net by collin_chu]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
What was your solution? I am a similar problem when I turned on the sso implementation for login. I can no longer insert new users through the ACP. The register new users tag is set to TRUE in the configuration as well.
[originally posted on jforum.net by bh67kph]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Having SSO enabled means that your main application will be handling the creation of users and not jforum. The SSO process will create jforum user entries as valid users connect. So, when you have SSO enabled, user creation is disable for everyone, including the admin.
[originally posted on jforum.net by monroe]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: A problem when using a cookie for SSO
 
Similar Threads
Jforum integration problem with SSO
SSO /redirect / anonymous users
CookieSSO - Not working
Using JForum SSO - a kludger's tale
SSO prohibits Registration,login for all - How admin can access Admin control panel