https://community.jforum.net/posts/list/5.page JForum - http://www.jforum.net
Here's what's going on in 'authenticateUser':

[code]
public String authenticateUser(RequestContext ctx) {
String user = null;
try {

String email = null;
// Get UserID
Long userId = SecurityTools.getInstance().getUserIdFromCookie();
if (userId != null) {
// Determine user data from somewhere
UserData userData = response.getData(0);
user = userData.getUsr();
email = userData.getEmail();
// TODO: Adapt class ControllerUtils to use more/custom
// attributes for user creation (see
// http://www.andowson.com/posts/list/227.page)

// The password is irrelevant as the user has already logged on
// (set it anyway in case JForum uses it)
ctx.getSessionContext().setAttribute("password", "");
ctx.getSessionContext().setAttribute("email", email);

}

if (LOG.isInfoEnabled()) {
LOG.info("SSO User: " + userId + ", " + user + ", " + email);
}
} catch (Exception ex) {
LOG.error("Problem in authenticateUser!", ex);
}
return user;
}[/code]

Please can someone explain what's missing or what's been changed between the versions?
]]> https://community.jforum.net/posts/preList/10/30.page https://community.jforum.net/posts/preList/10/30.page GMT
http://blog.smartkey.co.uk/2009/10/secure-sso-for-jforum/

I did find a bug that I had to fix, it would get a NPE if the SSO cookie was not set and the user went directly to the forums - the source is included so you can add a null check for that to fix it - other than that it works for us.
]]> https://community.jforum.net/posts/preList/10/31.page https://community.jforum.net/posts/preList/10/31.page GMT https://community.jforum.net/posts/preList/10/34.page https://community.jforum.net/posts/preList/10/34.page GMT