I got the SSO working on jforum 2.1.9 implementing net.jforum.sso.SSO. Now I tried jforum 2.3.1 and it seems like this handling isn't working anymore.

Here's what's going on in 'authenticateUser':

	public String authenticateUser(RequestContext ctx) {

		String user = null;

		try {



			String email = null;

			// Get UserID

			Long userId = SecurityTools.getInstance().getUserIdFromCookie();

			if (userId != null) {

				// Determine user data from somewhere

				UserData userData = response.getData(0);

				user = userData.getUsr();

				email = userData.getEmail();

				// TODO: Adapt class ControllerUtils to use more/custom

				// attributes for user creation (see

				// http://www.andowson.com/posts/list/227.page)



				// The password is irrelevant as the user has already logged on

				// (set it anyway in case JForum uses it)

				ctx.getSessionContext().setAttribute("password", "");

				ctx.getSessionContext().setAttribute("email", email);



			}



			if (LOG.isInfoEnabled()) {

				LOG.info("SSO User: " + userId + ", " + user + ", " + email);

			}

		} catch (Exception ex) {

			LOG.error("Problem in authenticateUser!", ex);

		}

		return user;

	}

Please can someone explain what's missing or what's been changed between the versions?

We're using the SecureSSO module (sort of meant for Grails, but I think it'll work for any java project). You might try that one:

http://blog.smartkey.co.uk/2009/10/secure-sso-for-jforum/

I did find a bug that I had to fix, it would get a NPE if the SSO cookie was not set and the user went directly to the forums - the source is included so you can add a null check for that to fix it - other than that it works for us.

Sorry, the fault was on my side. It's working perfectly in the new version ... one of the configuration properties wasn't set correctly. So shame on me and thanks for listening...