Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

jsConnect and AutoConnect

I've loaded a fresh install of Vanilla 2.5.1 and I've tried the "jsConnect" Plugin 1.5.3 along with "jsconnectAutoSignIn" Plugin, which use to work in Vanilla 2.2.1, but it just doesn't want to work with Vanilla 2.5.1.

The jsConnect 1.5.4 will work as far a creating the New User and Logging In, but only by clicking on the Link "Sign in with ...", the "jsconnectAutoSignIn" Plugin doesn't want to work.

Does anyone have any solution to this?

I've also tried to use the "vanillaconnect" Plugin that is included with Vanilla 2.5.1, but I can't find any Documentation as to how to use it properly.

I've set it up as far as I can, but I'm not sure if there is something I should be changing in my custom "jsconnect.php" file to make it work with it.

Does anyone have a Link to the Documentation or any solution to this??

Comments

  • R_JR_J Admin

    @donavanb

    Sorry to hear that. There is no one with real jsConnect experience hanging around and that's the main reason why all those questions remain unanswered most of the time.

    I assume the new VanillaConnect plugin will make it more easy to integrate other software. There have been a number of issues but I hope they will release it soon: https://github.com/vanilla/vanilla/search?utf8=✓&q=vanillaconnect&type=Issues

    I also have read your question for a SAML integration and I was really interested to make it work, but I knew that I wouldn't have the time that it needs in the near future so I didn't gave you a hint about my interest.

  • @R_J there are a handful of forum users like yourself that keep open-source Vanilla a viable solution for those of us in a professional position.

    Yeah, a (consistently updated) SAML add-on would be nice because it would be more standardized, I would think.

    Right now, if you have a SAML SSO set-up (and WordPress sites, and Vanilla Forums)....

    Wordpress is a child of SAML, then Vanilla is a child of Wordpress. This means that the login info/interaction for Vanilla is 'controlled' by (subordinate of) WordPress and the login info/interaction for WordPress is controlled by (subordinate of) your SAML integration (IDP).

    It would be more standard to have all apps subordinate of the SAML integration (IDP).

    I keep checking back and am trying to time my upgrades both when I have the resources and when I feel things look / feel doable without too much headache ;-)

    Since you brought it up.. just a note that I am a contributor to the open-source onelogin SAML WordPress plug-in.

    https://github.com/onelogin/wordpress-saml

    I have several (SSO) WordPress sites that utilize this plug-in, along with Vanilla 2.3.1 (jsconnect and jsconnectAutoSignIn) that have worked well for quite awhile now (knock on wood). ;-) It would be nice to have more firmly supported open source path to SSO in these situations, however.

    So, I wonder if that open-source onelogin plug-in would be a good start to an open source SAML Vanilla plugin... just a thought.

  • Let's review a few things:

    • jsConnect is actively maintained and supported.
    • VanillaConnect isn't ready for primetime, yet. That project is on pause. It will eventually replace jsConnect.
    • "jsconnectAutoSignIn" is not an official addon and I have no idea what it does or why it exists.
    • Our Cloud service has a SAML SSO solution with full support.

    We have extensive public documentation for jsConnect. We provide official support for it as part of our cloud offering. We don't task staff to open source SSO support here because that isn't part of their job or part of our offering on this site, which is for the community to provide help to each other. Personally, I don't comment on SSO discussions because it's my day job so I don't want to do it as part of my contributions here.

    Using SAML is a very enterprise-grade SSO solution that most individuals cannot achieve on their own, so our position it's an appropriate thing for us to offer as a cloud-only solution. I agree it would be very challenging to use SAML effectively in a small business setting, but I don't think the state of our SSO support has anything to do with that.

  • @Linc I do understand that you guys have a delicate balance with your paid (enterprise) services as apposed to supporting your open source offerings.

    Maybe I can appeal to you guys if I express where I am coming from. I came to know vanilla for the express advertised qualities of it being "Hackable" (not crackable), open source, SSO ready, embed-able, and responsive. I was able to make all this work well in 2.3. (with the 3rd party autosignin plugin)

    We are a publishing company of about 25 people, and we operate about 10 or so brands, most of which are using wordpress solutions as the main site (not necessarily to my choice).

    I was drawn to you guys because you had promise to facilitate all of these qualities.. including an open-source wordpress plug-in.

    Unfortunately, I have implemented only 3 brands so far.. at varying versions... mainly because of consistency due to how these versions are installed.

    One install is embeded and SSO, and I don't yet trust to upgrade at this point due to that.
    One install is heavily trafficked and I don't want to upgrade yet as I am waiting to make sure 2.6.3 works flawlessly regarding the wordpress plugin and SSO (single sign in / out).
    The final install uses all the latest stuff (PHP 7x, Vanilla 2.6.3, Vanilla Wordpress Plugin etc.., .. and it is my main (live) test bed to see if I can eventually migrate all of our brands to it.

    My plea to Vanilla would be to consistently test / upgrade / document the existing SSO offerings... Core, WordPress Plug-in, jsConnect, and to be open to feedback (improvements) for those of us who use what is offered.

    You guys are almost there. There are some subtle problems with the latest WordPress plug-in.. which I have documented on GitHub (Role propagation, and Single Sign Off). The Sign Off problem may rather be a core 2.6.3 Sign Off problem.. I don't know.

    Yes, an open source SAML plugin would be nice, but if it is not offered, it is not offered. Anyway, I hear you regarding SAML.. just that I think you guys have the opportunity to draw people like me if you can address consistency in the open products you do already offer. Our company does not have the budget to pay for enterprise level services unfortunately, but I'm guessing if you can draw people like me.. that some of those may turn into enterprise customers for you.

    You guys have the chance to be the unique company that offers open-source SSO ability.. if you can just be a bit more consistent.. people like me can step up in regards to support in the forums.

    Hope that feedback helps.

  • donovanbdonovanb
    edited September 2018

    Sorry, I should amend that I've documented a bug on the wordpress github repo, and that I've documented the role propagation issue on the wordpress plugin support area rather.

    Just a note.. Single Sign On now works without the old 3rd party AddOn.. but you have to use /sso in the URL.. before it did not require the /sso as long as you used the 3rd party plugin. I'm fine with the /sso thing... but I think it is better with the old (3rd party) solution, because people who happened to land on the forum that were already logged in to SSO, would be logged in automagically.

    TLDR;
    In looking at github... it appeared to me that this may all change again (SSO).. but I don't know anything about that yet. :-) Just hope the open source community is not forgotten.

  • PCTipsGRPCTipsGR New
    edited September 2018

    @Linc said:

    • "jsconnectAutoSignIn" is not an official addon and I have no idea what it does or why it exists.

    jsconnectAutoSignIn is supposed to skip the last step of jsConnect, where you have to press "Sign in with ...". Basically it forces login with the first available provider configured through SSO.

    It was last updated on December 2013 (that is probably why it may not be working :lol:) and it was created by @x00.


    If anyone has any inquiries about that plugin and would like to help/contribute to it, create a new thread on it's official page: https://open.vanillaforums.com/addon/jsconnectautosignin-plugin

  • @PCTipsGR said:

    @Linc said:

    • "jsconnectAutoSignIn" is not an official addon and I have no idea what it does or why it exists.

    jsconnectAutoSignIn is supposed to skip the last step of jsConnect, where you have to press "Sign in with ...". Basically it forces login with the first available provider configured through SSO.

    That is what linking users directly to /sso from your main website will do anyway. We don't check for login on every pageview because that would pass all traffic back to your jsConnect endpoint. The correct way to do it is amend links directly to the forum to point at {someforum}.com/sso instead of the homepage so there is a 1-time check. That is what we advise all customers to do, and it's how it's documented to work. Forking the addon to do that seems poorly advised.

  • @donovanb said:
    Maybe I can appeal to you guys if I express where I am coming from. [...] 25 people, and we operate about 10 or so brands[...] I have implemented only 3 brands so far

    It sounds like you are part of our target audience and that you're undervaluing the cost of your labor. If you're struggling to keep 3 forums maintained and targeting to launch 7 more, that's what cloud is for: to economically scale maintenance away from on-staff developers.

    I realize I'm not going to convince you of this, I just want to be clear my assessment of your situation is very different from your own.

    My plea to Vanilla would be to consistently test / upgrade / document the existing SSO offerings... Core, WordPress Plug-in, jsConnect, and to be open to feedback (improvements) for those of us who use what is offered.

    Our cloud offering uses the same version of those products with the same documentation. On the rare occasion an SSO connection breaks, it's fixed very quickly. It sounds like what you're really asking for is technical support for your situation, which is what our cloud product offers.

    You guys have the chance to be the unique company that offers open-source SSO ability.

    From our perspective, we've already done many times more development work on open source SSO than anyone else in the market, including developing our own easier-to-use SSO products from scratch. Coming to the folks leading the pack by a wide margin and saying "more please" doesn't seem like a winning strategy. The "more" is on our cloud product, and it's tailored technical assistance with on-demand support and someone invested in the success of your efforts to guide you.

  • @Linc Well, at the very least, I am more clear of what the stance is on this subject by your company. Time to make some decisions.

  • FWIW, I was able to get jsconnectAutoSignIn back working in Vanilla 2.6.4 with a small patch.

Sign In or Register to comment.