Hello,

I have an application running on Websphere and JForum installed in a Jetty HTTPD, the two applications are on separate domain name but I need to avoid users to re-enter their login and password.
I was thinking about an URL including user and password (something like "http://domain/jforum2/login.do?username=xxxxx&password=xxxxx") but i couldn't find it.

Is there a way to use the solution above and thus what is the URL I should use ?

If the aforementioned solution is not possible, is there another way to do solve my problem ?

Thanks in advance.

You can refer to this http://jforum.andowson.com/posts/list/16.page

Configuring JForum Single Sign-On
•JForum provides a simple SSO facility which allows JForum to be easily integrated with existing web applications. SSO has built in support for:
–using a login cookie
–authentication frameworks that support the request.getRemoteUser() method
•These can be simply configured via properites in the SystemGlobals.properties file.
•You can also implement your own SSO class to support your particular situation, which is described with an example.
•When using SSO the login,logout,register and password retreival options are removed from the JForum menus.

How SSO works
•JForum uses an SSO interface which provides two methods, authenticateUser() and isSessionValid().
•when a user visits JForum, SSO calls the authenticateUser() method, which simply returns the username or null.
•if a username is returned JForum will check to see if there is a matching JForum userid.
•if a matching JForum userid is not found, one is created on the fly.
•the user is then logged in to JForum.
•if null was returned the user will be set as 'Anonymous'.
•if an 'Anonymous' user attempts to access a restricted area on the forum they will be redirected to your login page, with a return path parameter to send the user to the correct forum page once logged in.
•SSO manages various use case scenarios, such as user changes id etc, using the isSessionValid() method.

SystemGlobals.properties entries for configuring SSO

property name 			Description 																			Default value 

authentication.type 	can be default or SSO 																	default 

sso.implementation 		a class that implements SSO. available classes are CookieUserSSO and RemoteUserSSO 		net.jforum.sso.CookieUserSSO 

sso.password.attribute 	the name of the session attribute used for updateing jforum password during auto-registration 	password 

sso.email.attribute 	the name of the session parameter used for updateing jforum email adress 				email 

sso.redirect.parameter 	the name of the request parameter that contains the url encoded return path for jforum 	jforum_redirect 

sso.redirect.message    a message to display on your login page													please login to use the forum

sso.default.email		used when no session attribute found													sso@user.com

sso.default.password	ditto																					sso	

sso.redirect			a url that points to a login page														http://mysite.com/login.jsp

cookie.name.data		the name of a cookie that contains the jforum username									JforumSSO

sso.cookie.path			the pathName of the cookie. for using when you specify your own cookie name if its not in the root path.	/

SSO sets the email address in the forum profile to the value of _sso.default.email_ when registering a new user. If you would like to pass your users email address and password you should implement your own SSO class, the approach in the examples can be applied to both forms of SSO.

Attention to the Admin User
When you're using SSO to authenticate users on a different datasource (like LDAP), you lost the default "Admin" user of JForum. To fix that, you have to manually associate the user you want to be the Admin to the "Administrators" group, using the table jforum_user_groups.
•For example, the following set of SQL (MySQL schema) commands fetch a specific user id and associate it to the Administrators group. Please note that the user should try to login first, in order to have his record on the jforum_users table:
•mysql> SELECT user_id FROM jforum_users WHERE username = 'username_of_your_admin';
mysql> 5; (suppose it returned 5 here)
mysql> SELECT group_id FROM jforum_groups WHERE group_name = 'Administrators';
mysql> 3; (suppose the id of the Administrators group is 3)
mysql> INSERT INTO jforum_user_groups (user_id, group_id) VALUES (5, 3);

Thanks for this thorough response !!
I'm going to try it right now.

I followed the paths you mentionned, but it seems i'm stuck with compatibility problems:
- Jforum can't be installed on a Websphere 5 server (limitation due to the proprietary JVM Webpshere uses)
- I have no control on the OS account of the potential forum users, which prevent the use of getRemoteUser() SSO implementation
But in the end, the autologin option (the checkbox in the login page) may solve my issue, until we upgrade our software platform from Webpshere to Glasshfish.

Thanks again.


Edit: The 'dirty' URL, for those interested, is the following:
http://domain/jforum/jforum.page?module=user&action=validateLogin&username=name&password=password&autologin=true

Hi,I am trying to integrate jforum with my application but i m getting user as Anonymous.I m trying to set a cookie in my application with a name present in cookie.name.data in SystemGlobals.properties with some value(userId),but i think jforum is also creating the cookie with same name as in my application with value(userId) as 1 overriding the cookie created
by my application .Am i following the right procedure ,please help.

You can refer to this http://www.andowson.com/posts/list/72.page

A quick check is to see if you have some similar setting in jforum-custom.conf:

authentication.type=sso
sso.implementation=net.jforum.sso.CookieUserSSO
sso.redirect=http://member.yoursite.com/login.jsp
cookie.name.user=username

It means after user logged in from member.yoursite.com, login.jsp will write a username cookie for username in yoursite.com and the cookie's domain is yoursite.com and then redirect to your jforum webapp with returnUrl.

Its working now.....earlier i was very confused but what you have given is simple.......Thanks a lot.

For some reason captcha image is not displaying it shows like broken image ,is that a deployment issue or something else.

I have following configuration:

1.O/S - Ubuntu 12.04 Desktop
2.http Server - Apache 2
3.App server - Tomcat 7
4.Java - openJDK Iced tea 7.2.3.3
5.Jforum - 2.3.4
6.virtual machine on Esxi 5.1

1.You can check Tomcat's catalina.out first for some exception message as a hint.

2.Check if your JAVA_OPTS has -Djava.awt.headless=true set. For example:

JAVA_OPTS="-server -Xss256k -Xms2048m -Xmx2048m -XX:NewSize=512m -XX:MaxNewSize=512m -XX:SurvivorRatio=8 -XX:PermSize=256m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true -Djava.awt.headless=true"