Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Authenticate Url

edited March 2011 in Vanilla 2.0 - 2.8
I am having difficulty implementing the SSO.

On, it says

"The response is sent as plain text using the HTTP transport. It is not sent as an HTML page. The response should not include HTML tags such as < html >, < body >, etc."

But then it goes on to say:
"The response should start at the beginning of the HTTP protocol's body section."

I thought it just said no body tags?

My PHP code is:
echo "UniqueID=$user_id"."\n"."Name=$username"."\n"."Email=$email";

I also implemented the patch discussed at

I either get one of two errors:
1. It logs me in but the username is blank. (When I go into the Admin control area, it shows a blank user was created)
2. It takes me to the synchronize page, but it won't accept the username and password from the originating website.

Please advise.



  • Options
    I tried debugging the file class.proxyauthenticator.php and it seems to be reading in the values from my authentication URL. So that does not seem to be the source of the issue.
  • Options
    Which versions of Vanilla and ProxyConnect are you trying to get to work together? I can't find anyone on the forums who has got 2.0.17.* to work.

    General advice - when testing, destroy the cookie 'VanillaProxy' each time before you test, or the SSO won't work. You should also routinely be destroying the 'Vanilla' cookie when you log out of your parent PHP app.

    As for your earlier question, you're confusing HTTP headers/body with HTML tags. The body of an HTTP request would typically contain an HTML page (including HTML head and body tags).
  • Options
    edited March 2011
    Thanks for the response odeclas.

    After two days of working on this integration and even delving into the source code, I came across two random posts that essentially echo what you said.

    ==>>>> Do NOT bother using any version above 2.0.16 <<<<<==

    There was nothing wrong with my authentication URL at all.

    The patch at ( is still needed for 2.0.16.

    This plug-in really needs to be updated. SSO is the only reason I'm using Vanilla Forums.

    Another caveat for people using CodeIgniter (CI), you will need to create your authentication URL outside the CI framework. If you place it in a CI controller for some reason the SSO cannot read the file. This probably means that you will need to manually create a cookie at log-in using straight PHP that passes the data to your authentication URL.
  • Options
    But with 2.0.16 there are no nested categories, another requirement that I needed!
Sign In or Register to comment.