• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

A problem when using a cookie for SSO

 
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm using JForum 2.1.8, and integrated it into my web application. I use cookie for SSO. I define cookie properties in SystemGlogbal file as follows:
cookie.name.data = jforumUserId
cookie.name.user = JforumScreenName
cookie.name.autologin = jforumAutoLogin
cookie.name.userHash = jforumUserHash
cookie.name.uid = JforumUID

cookie.name.loggedin = JforumLoggedIn
cookie.name.screenname = JforumScreenName
cookie.name.email = JforumEmail
cookie.name.lang = JforumLang
cookie.name.role = JforumRole

When I login my main web application, I open the cookie and can see the cookie has these properties and the values are correct. However, when I go to JForum and post message, the user is always "Anonymous". When I use admin account of my main web application to login, and then go to JForum, it throws an error:"Registration of new users is disabled."

What's problem with this issue? How to resolve it?

Thanks a lot!

Collin
[originally posted on jforum.net by collin_chu]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Can you explain more about what you mean about "Cookies" for SSO?

Only a few of the config file parameters you list are jforum parameters.. and AFAIK these just change the names of the cookies that jForum uses/looks for.

Do you have your own jForum SSO implimentation defined? Or are you trying to set the cookies in your application and calling jForum? Are they on the same machines or different ones (cookies may not be sent to different domains or hosts...). Do you have auto login enabled as well.

[originally posted on jforum.net by monroe]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Has found the reason. It is caused by the main application. When the main application creates the cookie, it doesn't hash one parameter's value, but in CookieUserSSO.java of JForum, we hash this value, then these two values cannot match.
[originally posted on jforum.net by collin_chu]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What was your solution? I am a similar problem when I turned on the sso implementation for login. I can no longer insert new users through the ACP. The register new users tag is set to TRUE in the configuration as well.
[originally posted on jforum.net by bh67kph]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Having SSO enabled means that your main application will be handling the creation of users and not jforum. The SSO process will create jforum user entries as valid users connect. So, when you have SSO enabled, user creation is disable for everyone, including the admin.
[originally posted on jforum.net by monroe]
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic