Single Sign On

Started by wora_hr, February 19, 2012, 09:29:07 AM

wora_hr

OK, I am pretty new here since I am evaluating the forum for my project.

I cannot search through thousands of posts, especially since this Verification thing is killing me and I cannot tell you how annoying it is. But that is not the point of this topic.

Before I spend too much time reinventing the wheel, or trying to achieve something that is not possible... a few questions.


Single sign-on, or SSO, no matter the technology, language or whatever else. See the quick diagram.




Scenario:
- registration on SMF is disabled.
- primary database of users is outside of SMF or inside of SMF (if inside, what are the minimum fields to be populated from the connector or outside system)
- forum authorization done by SMF
- authentication done by the outside system

- I can do the following:
When a user registers on the portal, while creating his account in the portal DB, I can do another update to the SMF users table (a weird shadow copy, not a good way to do it),
but I can create a user record on SMF and set some JUNIOR MEMBER ROLE for him. No one should be able to REGISTER on the forum.

In the real world, this should be done this way.
1. User registers on the portal.
2. If he is logged in on the portal, when he clicks the link to the forum, the forum should know that he is registered and authenticated. To accomplish authorisation on the forum (as an external entity from the portal),
the forum should check its own user/roles table to see if this user exists, and if he has any roles.

This can do some unique username copy to its own forum table if it is his first time on the forum, and add some default minimum role.

NOW -> the SMF admin does authorization for him by adding new roles to him, like moderator, admin and so on.

If the user has already passed this step, then on the next visit: portal -> login -> authenticate -> click forum link -> SMF confirms authentication -> SMF does authorisation -> user posts to the forum or whatever.


Also, by clicking on the back-to-portal link -> since he is authenticated -> the portal checks auth/authorization and does accept/reject.



So in short: (I do not know too much about PHP, but I can understand what is written there and how it works, and change most of the things) but
before doing reverse engineering, I would like to know:

- what types of authentication are supported on SMF (LDAP, MSAD, HTTP Basic, database only, CAS, etc.)
- what are the base security schema tables
- what are the most important fields for the user profile to get this to work (I do not need anything from forum profiles, they have it on the portal, just username, avatar and user posts; I can even go live without messaging, but it is OK to have that)

- which PHP files are connected to authentication
- which PHP files are connected to authorization


If this is possible to accomplish, I will do a Spring Security connector for SSO with SMF. So Java applications developed on Spring will have the opportunity to work with SMF.


I also plan to make a deeper integration from my portal, to allow discussion on portal articles, by creation of an automatic topic. And also to make some plugin for SMF for sharing content to SMF forums.

So, these are my requirements from SMF to get things working, to develop the protocol and so on.


UH.. this image verification is painful
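
The flow described in the post above (portal authenticates, forum creates a local record with a default role on first visit and keeps authorization to itself), as an added sketch that is not part of the original post and is not SMF code. It assumes the portal hands the user over with an HMAC-signed, short-lived assertion under a shared key; all names (`portal_issue`, `Forum`, `SHARED_KEY`) are hypothetical.

```python
import hashlib
import hmac
import time

SHARED_KEY = b"constructed-demo-key"  # assumption: secret shared by portal and forum
MAX_AGE = 60                          # seconds a handoff assertion stays valid
DEFAULT_ROLE = "junior_member"        # minimum role assigned on first visit


def _sign(payload):
    return hmac.new(SHARED_KEY, payload.encode(), hashlib.sha256).hexdigest()


def portal_issue(username, now=None):
    """Portal side: after login, sign 'username|issued_at' for the forum link."""
    issued = int(time.time() if now is None else now)
    payload = f"{username}|{issued}"
    return f"{payload}|{_sign(payload)}"


class Forum:
    """Forum side: trusts the portal for identity only; roles live in its own table."""

    def __init__(self):
        self.roles = {}    # username -> set of roles, owned by the forum
        self.seen = set()  # payloads already accepted (replay guard)

    def accept(self, assertion, now=None):
        """Return (username, roles) for a valid assertion, otherwise None."""
        now = time.time() if now is None else now
        try:
            payload, sig = assertion.rsplit("|", 1)
            username, issued = payload.rsplit("|", 1)
            issued = int(issued)
        except ValueError:
            return None
        # Verify the signature over the exact bytes received, in constant time.
        if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
            return None
        if not 0 <= now - issued <= MAX_AGE or payload in self.seen:
            return None
        self.seen.add(payload)
        # First visit: create the local record with the default role only.
        # The assertion never carries roles, so the portal cannot grant any.
        return username, self.roles.setdefault(username, {DEFAULT_ROLE})

    def grant(self, username, role):
        """Forum admin action: authorization changes happen only on the forum."""
        self.roles[username].add(role)
```
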

Kindred

Look at the API thread stickied at the top of this board.

Also look at ssi.php
Glory to Ukraine

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."