HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

SSO - Help to automatic account creation on 1st login

edited August 2011 in Root
I have a manual Proxyconnect SSO working but if an already authenticated user from host application connects to Vanilla for first time is prompted with 'entry/handshake/proxy' screen. As the account already exists on the host application can'nt the Vanilla account just be mirrored via the cookie instead of being challenged with another screen looking for a password? Sort of defeats Single-Sign-On. Anybody entering Vanilla without authenticating first on the host application are already being redirected to the host login screen.

What changes are needed to bypass the 'entry/handshake/proxy'?


  • Options
    Found a way around this. Probably not the correct way but as this is a closed system and authentication is performed outside Vanilla, some accounts will have the same email address. To nobble the 'same email as another user' edit applications/dashboard/models/class.usermodel.php within the synchronize() function and change the line containing:
    if ($this->ValidateUniqueFields($UserData['Name'], $UserData['Email'])) { to if ($this->ValidateUniqueFields($UserData['Name'])) {
    and it now works as required.
Sign In or Register to comment.