Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

True automatic sign on

Hi,

So i've installed the Vanilla 2.2 and am needing SSO through my application.
Previously I embedded the forum in my application and ended up hacking the code. This time it is standalone but authenticating through my main application.

I have the forum at https://forum.domain1.com
and the authentication endpoint at https://www.domain1.com/forum/authenticate

I have installed the latest jsconnect plugin 1.5.3.

So I login to my application at https://www.domain1.com/forum
This redirects to https://forum.domain1.com/sso
This calls https://www.domain1.com/forum/authenticate and displays the 'you may login as joe bloggs'.
If I click on this I am successfully logged into the forum.

However I do not want the user to have to click the link. I want them to be automatically logged in. I tried using jsAutoSignin but I don't think it works with the latest version.

Is there a way to achieve this?

Cheers,
Buba

Comments

  • edited August 2016

    My advice, if you got it to work at all, accept it as it is. Many people can't even get it to work, so if it works , be glad. Because altering it might break it and then you won't be able to even log in.

    This plugin is not perfect , it requires following the instructions exactly or it will fail. Not sure if it's the plugin or the user's problem. But there is virtually no support for this at all based on what I have seen when others ask similar questions about SSO.

    However I do not want the user to have to click the link. I want them to be automatically logged in.

    If this is possible at all, someone might come here and help you figure it out. But don't hold your breath.. SSO is not the forte of people on this forum… I recommend you look at SSO tutorials.

  • Thanks vrijvlinder,

    It is a bit of a struggle trying to get my head around how the software is constructed and I had hoped to avoid having to create my own plugin to extend jsconnect similar to jsautoconnect.

    I have had some luck just hacking the plugins/jsconnect/js/jsconnect.js file
    when the request to the host page comes back but it's hardly elegant.

        if (signedIn) {
            window.location.replace('https://forum.domain1.com' + connectUrl);
    
        /*$(elems).find('.ConnectLink').attr('href', connectUrl);
       $(elems).find('.Username').text(data['name']);
            if (data['photourl']) {
                    $(elems).find('.UserPhoto').attr('src', data['photourl']);
            }
            $(elems).find('.JsConnect-Connect').show();
            $(elems).find('.JsConnect-Guest').hide();*/
      }
    
  • edited August 2016

    I have had some luck just hacking the plugins/jsconnect/js/jsconnect.js file
    when the request to the host page comes back but it's hardly elegant.

    Elegance is not a requirement where functionality is concerned… Thanks for sharing your hack :)

  • I've been messing around with this too, and I almost got everything to work using the Vanilla jsConnect Auto Signin plugin, so that plugin is definitely not broken.

    The only issue I'm facing is that logging out from my main site doesn't automatically logout from Vanilla, but it works the other way around.

    Did you manage to sync your logins/logouts perfectly?

  • In case anyone finds this thread looking to synch the logouts. Check out this solution: https://vanillaforums.org/discussion/30521/wordpress-vanilla-forum

  • The way to achieve a seamless jsConnect setup is to enable AutoConnect in the config, set the connection to default in its options, then point links to your forum at the /sso endpoint which acts as an automatic redirect to the jsConnect connection page. No additional plugins or hacking are necessary. You can sync logouts by setting the sign out URL in the jsConnect settings to include a redirect parameter that your logout system will recognize & use. Then your logout will bounce to the remote system and back to the forum. It's not entirely aesthetically seamless, but it works well and is our recommended approach. Otherwise, you would need to do cookie manipulation by using cookies with no subdomain on a common domain so they can be deleted from your site or vice-versa.

  • LincLinc Admin
    edited November 2016

    My advice, if you got it to work at all, accept it as it is. Many people can't even get it to work, so if it works , be glad.

    I take exception to this. Hundreds of people have gotten it to work just fine. You only see the folks asking about it here who cannot, which creates a skewed perception. It's not buggy; it's not hacky; it's not finicky. It's a very nice system that takes moderate dev skill to setup (while most SSO systems require very advanced and complex setups). Advising people to quit their effort implies otherwise.

Sign In or Register to comment.