PHP - jsConnect Embedded SSO

jaredNZjaredNZ New
edited August 2013 in Vanilla 2.0 - 2.8

Hello. I've been banging head against SSO wall for 6 hours now. Please help -- I need to integrate with my current system using the embedded code: this is my php generator:

    //  Get the login security string for Vanilla.
    public static function getVanillaSSO($cUser)
    {
        $iTimestamp = time();
        global $sVanillaClientNumber;
        global $sVanillaSecretNumber;

        $cVanillaUser = array();

        //Create the Vanilla Object:
        $cVanillaUser['email'] = $cUser['email'];
        $cVanillaUser['name'] = $cUser['name'];
        $cVanillaUser['photourl'] = appCore::getGravatarURL($cUser['email']);
        $cVanillaUser['uniqueid'] = $cUser['id'];
        $cVanillaUser['client_id'] = $sVanillaClientNumber;

        $sVanillaUser = json_encode($cVanillaUser);

        $sBase64User = base64_encode($sVanillaUser);

        $sSignatureString = self::getStr2Hex($sBase64User);

        $sSignature = hash_hmac("sha1", "{$sSignatureString} {$iTimestamp}", $sVanillaSecretNumber);

        return "$sSignatureString $sSignature $iTimestamp hmacsha1";
    }


    //Convert a string to hex encoding:
    public static function getStr2Hex($sString) {

        $sHex = "";
        for ($i=0; $i < strlen($sString); $i++)
        {
            $sHex .= dechex(ord($sString[$i]));
        }
        return $sHex;
    }


I then put this string into the header of the forum:

    var vanilla_forum_url = 'http://quantconnect.com/forum';
    var vanilla_identifier = '/forum/';
    var vanilla_sso = '… 1ded7302664862f3e3ee05fcf082cb2885f12787 1361989283 hmacsha1';

I've experimented with Hex encoding each component, and I put the vanilla_sso above the jsconnect script tag file.

I installed the jsconnect plugin into forum, and set the clientid and secret to same as in php. I see jsconnect.js being called in the header.

Am I missing something?
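
The string built by the generator above has four space-separated fields: payload, signature, timestamp and method, with the HMAC-SHA1 computed over "payload timestamp". As an added example that is not part of the original post and not Vanilla's own code, this is a sketch of how a receiving side can check such a string before trusting the user data in it. The function name `verifySsoString`, the sample secret and the 600-second freshness window are assumptions.

```php
<?php
// Added example: verify a "<payload> <signature> <timestamp> hmacsha1" string.
// verifySsoString(), the secret and the 600-second window are hypothetical.

function verifySsoString(string $sso, string $secret, int $now, int $maxAge = 600)
{
    $parts = explode(' ', trim($sso));
    if (count($parts) !== 4) {
        return false; // malformed: wrong number of fields
    }
    [$payload, $signature, $timestamp, $method] = $parts;

    if ($method !== 'hmacsha1' || !ctype_digit($timestamp)) {
        return false; // unknown method or non-numeric timestamp
    }
    // Recompute the HMAC over "<payload> <timestamp>", as the generator does,
    // and compare in constant time.
    $expected = hash_hmac('sha1', "{$payload} {$timestamp}", $secret);
    if (!hash_equals($expected, $signature)) {
        return false; // payload altered or wrong secret
    }
    if (abs($now - (int)$timestamp) > $maxAge) {
        return false; // stale string: limits how long a copied value is usable
    }
    // Decode only after the signature checks out. The post's generator
    // hex-encodes the base64 JSON, so both layers are undone here.
    $base64 = ctype_xdigit($payload) && strlen($payload) % 2 === 0 ? hex2bin($payload) : false;
    $json = $base64 === false ? false : base64_decode($base64, true);
    $user = $json === false ? null : json_decode($json, true);
    return is_array($user) ? $user : false;
}

// Constructed sample data (not values from the post).
$secret  = 'example-secret';
$now     = 1700000000;
$payload = bin2hex(base64_encode(json_encode(['uniqueid' => 42, 'name' => 'alice'])));
$good    = "$payload " . hash_hmac('sha1', "$payload $now", $secret) . " $now hmacsha1";

var_dump(verifySsoString($good, $secret, $now));         // valid string
var_dump(verifySsoString($good, 'wrong-secret', $now));  // secret mismatch
var_dump(verifySsoString($good, $secret, $now + 3600));  // checked an hour later
// Swap in a different payload while keeping the old signature.
$tampered = bin2hex(base64_encode('{"uniqueid":1}')) . substr($good, strlen($payload));
var_dump(verifySsoString($tampered, $secret, $now));
```

Only the first call returns the user array; the other three return false.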

Comments

  • jaredNZjaredNZ New
    edited February 2013

    I think this is progress, but not quite what I was looking for: if you include the:

        (function() {
            var vanilla = document.createElement('script');
            vanilla.type = 'text/javascript';
            var timestamp = new Date().getTime();
            vanilla.src = vanilla_forum_url + '/js/embed.js';
            (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(vanilla);
        })();

    It includes the embed script, which generates the comments box: Which injects where you make <div id="vanilla-comments"></div> in page. Then I click "Sign In As" which I can click, and sign in as myself.

    How can we make it sign into the whole forum, automatically, on first load..

  • Does this only work with the embed plugin version of the forum?
    Does it only work with a "click to login" method or can we make it login automatically?

  • OK got it. Several things not mentioned in documentation:

    1. Neither of these options automatically login on forum load. They both require a button press from user. They appear like FBConnect buttons do -- something users can click to login. This was insufficient for us, they're already logged in, we just wanted forum logged in.

    2. You must enable the embed plugin, and design your forum as an embedded one. Create a page: e.g. forum.php which contains the javascript embed code. Inside the javascript embed code the dashboard provides, put your SSO string:

        <script type="text/javascript" src="http://localhost/vanilla/plugins/embedvanilla/remote.js">
            var vanilla_sso = '<?=appForum::getVanillaSSO($cUser); ?>';
        </script>

    Now: When the forum displays, you'll have a nice easy link to click, which will login to the forum (like FB).

    hiteshchauhan10
  • edited February 2013

    Congrats. I am still struggling with it. Are you seeing the Signout link after you logged into the forum with the button? You can also try JSConnectAutologin plugin which may remove the sign-in requirement.

  • Cheers checked it out. Turned out best solution was actually ProxyConnect - it automatically signs you in silently, and avoids the 3 second delay from the JS sign ups.

    log in on Your Site, visit Your Forum, automatically logged in. ProxyConnect has created their account silently and automatically, and remembers that it is "connected" to the credentials that we gathered from Your Site

  • Cheers checked it out - but for what we wanted - the forum to " just be " signed in when the page loads the best solution was ProxyConnect, http://vanillaforums.org/addon/proxyconnect-plugin

    I'll try with proxyconnect and see if it works, but from its documentation (http://vanillaforums.org/page/singlesignon#proxy)

    ..." log in on Your Site, visit Your Forum, automatically logged in. ProxyConnect has created their account silently and automatically, and remembers that it is "connected" to the credentials that we gathered from Your Site"...

  • jaredNZjaredNZ New
    edited March 2013

    For others future reference. Use Proxy Connect, and in your forum header put this code:

    Update the bools to your own login system

        // Make sure the vanilla cookie exists:
        if ($bThisIsForumURL && $bMySiteIsLoggedIn) {
            if (appForum::VanillaLoggedIn() === false) {
                header("Location: http://yourwebsite.com/vanilla-location/entry/signin?Target=discussions");
                exit; // stop here so the rest of the page is not rendered after the redirect
            }
        }

    With this vanilla validation function:

        /*
         * Vanilla user is logged in
         */
        public static function VanillaLoggedIn()
        {
            define('APPLICATION', 'Vanilla');
            define('APPLICATION_VERSION', '2.0.16');
            define('DS', '/');
            define('PATH_ROOT', 'forum');

            ob_start();
            require_once(PATH_ROOT.DS.'bootstrap.php');
            ob_end_clean(); // clear any header output from Vanilla

            $Session = Gdn::Session();
            $Authenticator = Gdn::Authenticator();

            // Return the session's user when Vanilla has a valid session, otherwise false.
            if ($Session->IsValid()) {
                return $Session->User;
            } else {
                return false;
            }
        }

    Instant single sign in, back-end cookie validation and -0- delay... this is how you do it properly!

  • businessdadbusinessdad Stealth contributor MVP

    @jaredNZ said:
    For others future reference. Use Proxy Connect
    Instant single sign in, back-end cookie validation and -0- delay... this is how you do it properly!

    Thanks for sharing the solution. Just keep in mind that ProxyConnect won't work if Vanilla and the central website are under different 2nd level domains. That's due to security restrictions; in such a scenario JsConnect is the only choice.

  • Jared,

    I've read your comments on these forums regarding SSO and Vanilla Forums. I too first attempted to get it working via jsConnect, and while it works, it doesn't work embedded, and it also has that annoying "Facebook-style connect" dialog you mentioned.

    So I read this thread with interest and decided to try implementing ProxyConnect instead. However, I ran into the same issue that it appears you did here:

    http://vanillaforums.org/discussion/22964/does-vanilla-2-0-18-4-work-with-proxyconnect-1-9-9

    Despite the AuthURL properly returning logged in data when I go to it manually:

    http://www.crushlivepoker.com/site/forumsso

    ...every time I test it in the VN CP, it complains:

    "It doesn't seem like we were able to retrieve a logged-in session from the AuthenticateURL you specified. Please make sure you are logged in to your remote application before performing this test."

    How did you end up solving the problem? Thanks so much for any help...

    /andrew

  • Further information:

    The forums are hosted in a virtual host that is a sub-domain of the primary site:

    http://forums.crushlivepoker.com/

    The cookies in the VF ACP for the ProxyConnect plugin are set to:

    .crushlivepoker.com

    I also verified that the cookies in the config.php file match:

    $Configuration['Garden']['Cookie']['Domain'] = '.crushlivepoker.com';

    The data returned from the Authenticate URL http://www.CrushLivePoker.com/site/forumsso looks correct:

    UniqueID=4 Name=andrew [email protected]

    I'm a little confused as to why the Test ProxyConnect button in the ACP returns:

    "It doesn't seem like we were able to retrieve a logged-in session from the AuthenticateURL you specified. Please make sure you are logged in to your remote application before performing this test.
    NOT LOGGED IN"
