• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Junilu Lacar
  • Jeanne Boyarsky
  • Bear Bibeault
Sheriffs:
  • Knute Snortum
  • Devaka Cooray
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Ron McLeod
  • Carey Brown
Bartenders:
  • Paweł Baczyński
  • Piet Souris
  • Vijitha Kumara

SSO and Avatars

 
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
As I ponder moving to SSO in the next release, I wonder what happens with Avatars and profiles in general.

It is my understanding that if I tell JForum to use SSO, then login, logout, register new user, and profile are all disabled, which makes good sense.

However, what does JForum do about the avatar? And other user info for that matter.
[originally posted on jforum.net by time]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So the user can still change their email address in JForum?

This is a problem for my app, since email is the key for login and user lookup. If the user changes the email address in JForm, everything will be out of sync. In other words, email is how I look up the user in JForum.

Now that I say this, I can see another problem. The SSO expects a username to be returned. But usernames are not guarenteed to be unique. There are certainly going to be many collisions on username, unless it could be coerced into the email address. Can it?
[originally posted on jforum.net by time]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
SSO is only for authentication , JForum still used jforum_users and the regular user profile / form page.

Improvements may be made for this, but it always will be necessary to have jforum_users.

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

time wrote:
It is my understanding that if I tell JForum to use SSO, then login, logout, register new user, and profile are all disabled, which makes good sense.



just to clarify, only the folloiwng are disabled when using SSO:
login
logout
register
password retrieval
[originally posted on jforum.net by Anonymous]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yikes I didn't realize this. This would cause problems for me as well. I lookup the username the same way ... via email address.

Is there a simple way to modify that page so the email address can't be modified?
[originally posted on jforum.net by conquest]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Remove the field from there.

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That addresses the edit, but it does not address the username issue. Do we have any insight on this issue?
[originally posted on jforum.net by time]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you implement a SSO, it is your reponsability to ensure that.

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I realize that I am supposed to return a username to you. What is that username supposed to be? Anything? Can I send the email address to you as the username?
[originally posted on jforum.net by time]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The username returned is the one that will be recored to jforum_users, if a matching record is not found - in other words, it should be a unique username. And yes, you can use the email address, but then that's will be the username shown in the forum.

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Even if we removed the link from the edit profile page a smart user could still add the username field back and change it.

There's nothing from the server side preventing this.

This goes for the password as well.
[originally posted on jforum.net by conquest]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Indeed, this should be improved.

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes I'm sure you're overwhelmed with this system, just pointing out the obvious :-)

We all certainly appreciate your efforts!
[originally posted on jforum.net by conquest]
 
I knew I would regret that burrito. But this tiny ad has never caused regrets:
Java file APIs (DOC, XLS, PDF, and many more)
https://products.aspose.com/total/java
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!