會員註冊 / 登入  |  電腦版  |  Jump to bottom of page

Integration Forum » SSO or something like that

發表人: nihilist
10 年 前
Hello,

I have an application running on Websphere and JForum installed in a Jetty HTTPD, the two applications are on separate domain name but I need to avoid users to re-enter their login and password.
I was thinking about an URL including user and password (something like "http://domain/jforum2/login.do?username=xxxxx&password=xxxxx") but i couldn't find it.

Is there a way to use the solution above and thus what is the URL I should use ?

If the aforementioned solution is not possible, is there another way to do solve my problem ?

Thanks in advance.


發表人: andowson
10 年 前
You can refer to this http://jforum.andowson.com/posts/list/16.page

Configuring JForum Single Sign-On
•JForum provides a simple SSO facility which allows JForum to be easily integrated with existing web applications. SSO has built in support for:
–using a login cookie
–authentication frameworks that support the request.getRemoteUser() method
•These can be simply configured via properites in the SystemGlobals.properties file.
•You can also implement your own SSO class to support your particular situation, which is described with an example.
•When using SSO the login,logout,register and password retreival options are removed from the JForum menus.

How SSO works
•JForum uses an SSO interface which provides two methods, authenticateUser() and isSessionValid().
•when a user visits JForum, SSO calls the authenticateUser() method, which simply returns the username or null.
•if a username is returned JForum will check to see if there is a matching JForum userid.
•if a matching JForum userid is not found, one is created on the fly.
•the user is then logged in to JForum.
•if null was returned the user will be set as 'Anonymous'.
•if an 'Anonymous' user attempts to access a restricted area on the forum they will be redirected to your login page, with a return path parameter to send the user to the correct forum page once logged in.
•SSO manages various use case scenarios, such as user changes id etc, using the isSessionValid() method.

SystemGlobals.properties entries for configuring SSO

property name Description Default value
authentication.type can be default or SSO default
sso.implementation a class that implements SSO. available classes are CookieUserSSO and RemoteUserSSO net.jforum.sso.CookieUserSSO
sso.password.attribute the name of the session attribute used for updateing jforum password during auto-registration password
sso.email.attribute the name of the session parameter used for updateing jforum email adress email
sso.redirect.parameter the name of the request parameter that contains the url encoded return path for jforum jforum_redirect
sso.redirect.message a message to display on your login page please login to use the forum
sso.default.email used when no session attribute found sso@user.com
sso.default.password ditto sso
sso.redirect a url that points to a login page http://mysite.com/login.jsp
cookie.name.data the name of a cookie that contains the jforum username JforumSSO
sso.cookie.path the pathName of the cookie. for using when you specify your own cookie name if its not in the root path. /


SSO sets the email address in the forum profile to the value of _sso.default.email_ when registering a new user. If you would like to pass your users email address and password you should implement your own SSO class, the approach in the examples can be applied to both forms of SSO.

Attention to the Admin User
When you're using SSO to authenticate users on a different datasource (like LDAP), you lost the default "Admin" user of JForum. To fix that, you have to manually associate the user you want to be the Admin to the "Administrators" group, using the table jforum_user_groups.
•For example, the following set of SQL (MySQL schema) commands fetch a specific user id and associate it to the Administrators group. Please note that the user should try to login first, in order to have his record on the jforum_users table:
•mysql> SELECT user_id FROM jforum_users WHERE username = 'username_of_your_admin';
mysql> 5; (suppose it returned 5 here)
mysql> SELECT group_id FROM jforum_groups WHERE group_name = 'Administrators';
mysql> 3; (suppose the id of the Administrators group is 3)
mysql> INSERT INTO jforum_user_groups (user_id, group_id) VALUES (5, 3);

發表人: nihilist
10 年 前
Thanks for this thorough response !!
I'm going to try it right now.

發表人: nihilist
10 年 前
I followed the paths you mentionned, but it seems i'm stuck with compatibility problems:
- Jforum can't be installed on a Websphere 5 server (limitation due to the proprietary JVM Webpshere uses)
- I have no control on the OS account of the potential forum users, which prevent the use of getRemoteUser() SSO implementation
But in the end, the autologin option (the checkbox in the login page) may solve my issue, until we upgrade our software platform from Webpshere to Glasshfish.

Thanks again.


Edit: The 'dirty' URL, for those interested, is the following:
http://domain/jforum/jforum.page?module=user&action=validateLogin&username=name&password=password&autologin=true

發表人: akash
10 年 前
Hi,I am trying to integrate jforum with my application but i m getting user as Anonymous.I m trying to set a cookie in my application with a name present in cookie.name.data in SystemGlobals.properties with some value(userId),but i think jforum is also creating the cookie with same name as in my application with value(userId) as 1 overriding the cookie created
by my application .Am i following the right procedure ,please help.

發表人: andowson
10 年 前
You can refer to this http://www.andowson.com/posts/list/72.page

A quick check is to see if you have some similar setting in jforum-custom.conf:
authentication.type=sso
sso.implementation=net.jforum.sso.CookieUserSSO
sso.redirect=http://member.yoursite.com/login.jsp
cookie.name.user=username


It means after user logged in from member.yoursite.com, login.jsp will write a username cookie for username in yoursite.com and the cookie's domain is yoursite.com and then redirect to your jforum webapp with returnUrl.

發表人: akash
10 年 前
Its working now.....earlier i was very confused but what you have given is simple.......Thanks a lot.

發表人: akash
10 年 前
For some reason captcha image is not displaying it shows like broken image ,is that a deployment issue or something else.

I have following configuration:

1.O/S - Ubuntu 12.04 Desktop
2.http Server - Apache 2
3.App server - Tomcat 7
4.Java - openJDK Iced tea 7.2.3.3
5.Jforum - 2.3.4
6.virtual machine on Esxi 5.1

發表人: andowson
10 年 前
1.You can check Tomcat's catalina.out first for some exception message as a hint.

2.Check if your JAVA_OPTS has -Djava.awt.headless=true set. For example:
JAVA_OPTS="-server -Xss256k -Xms2048m -Xmx2048m -XX:NewSize=512m -XX:MaxNewSize=512m -XX:SurvivorRatio=8 -XX:PermSize=256m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true -Djava.awt.headless=true"




會員註冊 / 登入  |  電腦版  |  Jump to top of page