User profile template & SSO

When SSO is "on" it is often pointless to show what is called
"Register Information" in profile template: /jforum/user/edit/2.page
There should be an option to disable this section (the "Register Information" one)

[originally posted on jforum.net by Anonymous]

I am sure about this, but looking at the code looks like there is no synchronization between SSO and jforum_users for e-mail and screen name.

I think the easiest way to fix this - during login (and possible during other times)
update jforum_users to set username and user_email to ones from SSO.
So the code login will include this:

if user does not exist - then this.dao.addNew(user) (you already have this)
if user does exist - update forum_users.username and jforum.user_email to match SSO.

Also you should probably disable "Register Information" section of profile management page when SSO is ON.

[originally posted on jforum.net by Anonymous]

when SSO is on instead of "Register Information" section of profile management put a link to SSO management page (you already have such URL - sso.redirect, just add some teturnPath there)
[originally posted on jforum.net by Anonymous]

I propose to extend existing sso.redirect functionality for simplification of SSO integration.

External program pointed by sso.redirect should accept 2 parameters action= and returnPath= of similira meaning of jforum.

In few places, where sso integration is required we put a link to this program.
There few such places need to be modified.

When SSO is enabled we put following links (here I assume the uiser ID is 2222)

1. Send private message
(what we already have now - https://coderanch.com/t/575167 )
sso.redirect+"?"+ action=login & returnPath=/pm/sendTo/2222.page
here is just slightly modified URL convention compared to https://coderanch.com/t/575167

2. Top link "Edit user profile" (shown to registered users)
On this page instead of "Register Information" section of the profile put a link to
sso.redirect+"?"+ action=edit & returnPath=/user/edit/2222.page

3. Top link "login" (shown on top of all pages shown to anonymous)
sso.redirect+"?"+ action=login & returnPath=/

4. Top link "register" (on top of all pages shown to anonymous)
sso.redirect+"?"+ action=insert & returnPath=/

Looks this is it. No more places to modify (correct me if I missed something).
This way SSO integration would be greatly simplified.
A user just implements authorization class and make a script sso.redirect
(or a set of scripts, it is easy to redirect requests based on form parameters)
which does actual login and account creation for internal users list.


[originally posted on jforum.net by Anonymous]

And also, you can simplify templates logic. You can remove all sso checks from there!!!

You can just do this:
by default (when sso is disabled) have sso.redirect set to /jforum/jforum.page
and all these these four links would be regular jforum user management links.

When you use sso - set sso.redirect to the name of external program which does login and registration. And only account-management related links will change. And the look of jform would be the same regardless of whether SSO is enabled or disabled.

Also, if such broad sso.redirect usage is accepted it may be a good idea to rename sso.redirect to some more general, like
accountmanagementlink
[originally posted on jforum.net by Anonymous]

There is one more place , #5

5. lost password link
sso.redirect+"?"+ action= lostPassword & returnPath=
[originally posted on jforum.net by Anonymous]

And #6 is logout
sso.redirect+"?"+ action= logout & returnPath=/
[originally posted on jforum.net by Anonymous]

Let me see if I understood it correctly: for the "My Profile" page, the section "Register Information" will contain only a link to "sso.redirect" in the place of user, email and password fields, while the rest of the page we keep as is. Then, if the user click in the sso.redirect link, it will open the webpage in question and and back to returnPath (which will be the My Profile Page).

Is that what you mean?

Rafael
[originally posted on jforum.net by Rafael Steil]

Rafael Steil wrote:Let me see if I understood it correctly: for the "My Profile" page, the section "Register Information" will contain only a link to "sso.redirect" in the place of user, email and password fields, while the rest of the page we keep as is. Then, if the user click in the sso.redirect link, it will open the webpage in question and and back to returnPath (which will be the My Profile Page).

Is that what you mean?

Rafael

Yes.

In addition to this change (#1), which is the most important, I suggest jforum put a link to sso.redirect in few other places (with action and returnPath parameters). Specifically:
2. login
3. register
4. logout (Some code similar to one in the patch https://coderanch.com/t/575167 to net/jforum/view/forum/common/ViewCommon.java may be needed in UserAction.logout() )
5. lost password
6. private messages (you already have this from https://coderanch.com/t/575167 patch, but some parameter adjustment may be needed)

This way you can have a very simple SSO integration on web link level.
To use SSO a user should just:
1. enable SSO in jforum
2. implement sso.redirect script which does login/register/forgot password/ etc. actions.

This, from my opinion, would simplify SSO integration a lot.


[originally posted on jforum.net by mal]

Great idea! I have a site with pre-existing struts actions which fulfill most of these use cases. The proposed changes would make SSO integration a snap.
[originally posted on jforum.net by Anonymous]