Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

ProxyConnect and automatic login

edited June 2011 in Vanilla 2.0 - 2.8
Hi there !
I was playing with Vanilla and ProxyConnect for my new website (http://www.metalfrance.net and http://forum.metalfrance.net), but I have an issue that kinda blocks my users by using the forum.

Here's the situation :
- I'm using Vanilla 2 for the forum
- I'm using eZ Publish 4.2011 for the website
- I'm using ProxyConnect for the forum's authentication

ProxyConnect works OK but you always need to click on the Login button, even if you're already logged in to the main website. So here's my question :

Would it be possible to, if the Vanilla session is still anonymous, trigger the same process that when clicking on Login ?
The goal is that, if the user is already logged in the main website, he's automatically logged in Vanilla when he visits it. Of course, we should be careful not to send to many requests from Vanilla to the SSO.

Thanks for your help !
Tagged:

Comments

  • ToddTodd Chief Product Officer Vanilla Staff
    ProxyConnect actually already does sign you in if you are signed in to the other site, but it has a measure of flood control just like you suggest.

    If you go to Vanilla first and then back to your site then the flood control has kicked in and you won't be automatically signed in without clicking the button.
  • Mmm, you say that ProxyConnect does sign me in if I'm signed in to the other site, but I never saw that happen (wrong configuration maybe ?).
    If I log in to my main website and then go to the forum, I always need to click on the login button.
    Did I miss something ?
  • OK, I found this comment in ProxyConnectPlugin class :
    // The cookie says we're banned from auto remote pinging in right now, but the user has specifically clicked // 'sign in', so first try to sign them in using their current cookies:

    I don't know what's it's referring to (it's in a condition check where $RealUserID equals to -1), but I found out that if I add the following portion of code in my theme hooks, it works as expected :

    public function Base_Render_Before( $Sender ) { // Vérification automatique de la validité de la session côté eZ Publish if ( !Gdn::Session()->IsValid() ) { $Authenticator = Gdn::Authenticator()->GetAuthenticator('proxy'); $Authenticator->Authenticate(); } // Other code go here }

    OK, I don't think this is the cleanest way to go, but it works :). Any suggestion or opinion ?
  • @lolautruche does this still work for you? Im using most recent ProxyConnect and it doesnt seem to work :(

Sign In or Register to comment.