I need some helps on JForum integration SSO. I am aware this discussion
http://www.coderanch.com/t/574564/jforum/Single-Signon-automatic-login. The information is out updated and doesn't match the current code base. The following is the integration logic. Please correct me if it is not right.
1. After a user signs in the application, encrypt this user’s unique identifier and save this encrypted value in a cookie.
2. This cookie can be used to authenticate the user in JForum. A filter/interceptor will be created to verify the authorization for any JForum URLS with a pattern of “/forum/*”
3. When a user navigates to a JForum page, the cookie value will be used to verify user’s credential against the JForum database. The cookie value will be decrypted for usage, of course.
4. If it is the first time for the user using JForum (that is the user account data doesn’t exist in JForum DB), a web service call will be issued to retrieve this user’s profile data, namely screen name, email, and encrypted password, from our app. And those user data will be stored in the jforum_users table of the JForum database.
5. When the user log off her/his account or a session timeout, the cookie will be removed.
Please advise how the integration need to take place.
Thanks for your helps in advance.
![[Logo]](/templates/default/images/logo.jpg){kind=logo}
![[Search]](/templates/default/images/icon_mini_search.gif){kind=icon}
![[Recent Topics]](/templates/default/images/icon_mini_recentTopics.gif){kind=icon}
![[Groups]](/templates/default/images/icon_mini_groups.gif){kind=icon}
![[Register]](/templates/default/images/icon_mini_register.gif){kind=icon}
![[Login]](/templates/default/images/icon_mini_login.gif){kind=icon}
![[Post New]](/templates/default/images/icon_minipost_new.gif){kind=icon}
![[Up]](/templates/default/images/icon_up.gif){kind=icon}
![[Thumb - deny_anonymous_post_in_JForum.png]](/upload/2013/1/17/86118e6e26ee5d7ab1e71d6e1394c8bc_2.png__thumb?OWASP_CSRFTOKEN=)
![[Disk]](/templates/default/images/icon_disk.gif){kind=icon}