I've got my Jforum2 site set up and running. Now I'd like to set up a SSO with my main site.
I've been poking around the documentation and the net.jforum.sso.* source, and it looks like I might be able to use the cookie sign-in scheme. But before I dive into hacking up my web site, I wanted to make sure I have a reasonable understanding of how it's supposed to work.
I gather that the net.jforum.sso.CookieUserSSO class simply looks for cookie (JforumSSO by default) that contains the user name of the currently logged in user. If it does, that user is either automagically logged in or gets spontaneously created.
My two sites are at www.mydomain.com and jforum.mydomain.com.
Therefore, and if I'm reading RFC 6265 correctly, I *should* be able to have the login page on the www.mydomain.com set a cookie (Set-Cookie: JforumSSO=johndoe@gmail.com; domain=mydomain.com) when the user logs in, and the jforum.mydomain.com request should include that cookie, allowing net.jforum.sso.CookieUserSSO to work its magic.
If that's correct, I'm ready to get started. If that's not correct, could someone explain this to me (as if I were a child).
Thanks!