Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Authenticate Url
I am having difficulty implementing the SSO.
On http://vanillaforums.org/docs/proxyconnect_sso, it says
"The response is sent as plain text using the HTTP transport. It is not sent as an HTML page. The response should not include HTML tags such as < html >, < body >, etc."
But then it goes on to say:
"The response should start at the beginning of the HTTP protocol's body section."
I thought it just said no body tags?
My PHP code is:
echo "UniqueID=$user_id"."\n"."Name=$username"."\n"."Email=$email";
I also implemented the patch discussed at
http://www.vanillaforums.org/discussion/13698/patch-for-proxyconnect-problems
I either get one of two errors:
1. It logs me in but the username is blank. (When I go into the Admin control area, it shows a blank user was created)
2. It takes me to the synchronize page, but it won't accept the username and password from the originating website.
Please advise.
On http://vanillaforums.org/docs/proxyconnect_sso, it says
"The response is sent as plain text using the HTTP transport. It is not sent as an HTML page. The response should not include HTML tags such as < html >, < body >, etc."
But then it goes on to say:
"The response should start at the beginning of the HTTP protocol's body section."
I thought it just said no body tags?
My PHP code is:
echo "UniqueID=$user_id"."\n"."Name=$username"."\n"."Email=$email";
I also implemented the patch discussed at
http://www.vanillaforums.org/discussion/13698/patch-for-proxyconnect-problems
I either get one of two errors:
1. It logs me in but the username is blank. (When I go into the Admin control area, it shows a blank user was created)
2. It takes me to the synchronize page, but it won't accept the username and password from the originating website.
Please advise.
0
Comments
General advice - when testing, destroy the cookie 'VanillaProxy' each time before you test, or the SSO won't work. You should also routinely be destroying the 'Vanilla' cookie when you log out of your parent PHP app.
As for your earlier question, you're confusing HTTP headers/body with HTML tags. The body of an HTTP request would typically contain an HTML page (including HTML head and body tags).
After two days of working on this integration and even delving into the source code, I came across two random posts that essentially echo what you said.
(http://modxcms.com/forums/index.php/topic,53538.msg351864.html#msg351864)
(http://modxcms.com/forums/index.php/topic,53538.msg355131.html#msg355131)
==>>>> Do NOT bother using any version above 2.0.16 <<<<<==
There was nothing wrong with my authentication URL at all.
The patch at (http://vanillaforums.org/discussion/13698/patch-for-proxyconnect-problems) is still needed for 2.0.16.
This plug-in really needs to be updated. SSO is the only reason I'm using Vanilla Forums.
Another caveat for people using CodeIgniter (CI), you will need to create your authentication URL outside the CI framework. If you place it in a CI controller for some reason the SSO cannot read the file. This probably means that you will need to manually create a cookie at log-in using straight PHP that passes the data to your authentication URL.