Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

jsConnect SSO with PHP integration

I'm trying to integrate Vanilla jsConnect SSO with my php site and am confused with the process of integration. I've read the documentation several times but this part is not clear to me. Here's what I have so far:

  1. jsConnect settings

Authentication url: http://localhost/Website/inc/vanilla-signin.php
Sign in url: http://localhost/Website/login.php?src=vanilla

When I visit the form I get a Sign In button and clicking on it takes my to my login page as SSO is the default login option set.

  1. Login page

    <?
    $clientID = "xxxxxxx";
    $secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxx";
    
    // authenticated user here and logged him on the site
    $timestamp = time();
    $signature = sha1($timestamp.$secret);
    
    header('location: inc/vanilla-signin.php?client_id='.$clientID.'&callback=vanillasso&timestamp='.$timestamp.'&signature='.$signature);
    exit();
    ?>
    
  2. Authentication Page

    <?php
    require_once 'functions.jsconnect.php';
    require_once '../includes/connect.php';
    
    // 1. Get your client ID and secret here. These must match those in your jsConnect settings.
    $clientID = "xxxxxxxx";
    $secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxx";
    
    // 2. Grab the current user from your session management system or database here.
    if(isset($_SESSION['user']))
        $signedIn = true;
    
    // 3. Fill in the user information in a way that Vanilla can understand.
    $user = array();
    
    if ($signedIn) {
       // CHANGE THESE FOUR LINES.
      $user['uniqueid'] = $_SESSION['user']['id'];
      $user['name'] = $_SESSION['user']['name'];
      $user['email'] = $_SESSION['user']['email'];
      $user['photourl'] = SITE_URL.'img/users/'.$_SESSION['user']['profile_image'];
    }
    
    $secure = 'sha1';
    WriteJsConnect($user, $_GET, $clientID, $secret, $secure);
    
    header('location:../forums/');
    exit();
    ?>
    

I get redirected back to forums but that Sign In button stays the same. It seems I'm not getting logged in. If I disable the redirect part in vanilla-signin.php temporarily, I get this echo (personal details omitted)

vanillasso({"uniqueid":"34","name":"Name","email":"name@gmail.com","photourl":"http:\/\/localhost\/Website\/img\/users\/photo.jpg","client_id":"xxxxxxxx","signature":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"})

What is happening here?

Comments

  • LincLinc Detroit Admin

    The authentication page should not redirect at all, ever.

    The login page should handle 100% of logging into your site. It must not redirect to the authentication page. You can send the user to the forum after login.

  • So I log the user in and send him back to forums. Then forum will ping the authenticate page automatically, is that what you're saying?

  • LincLinc Detroit Admin

    If you make jsConnect the default signin method, and redirect them to the /sso endpoint, then it will automatically ping it. Otherwise they'll have to click the "Signin with jsConnect" button.

  • And success finally. Thanks a lot Linc. Please don't mind if I write a tutorial style blog on how to do it.

  • After two installations on different projects I finally wrote a blog on the integration. Its simple once you do it. But very hard to get your head around it by yourself. =)

  • vrijvlindervrijvlinder Papillon-Sauvage MVP

    @VipulK said:
    After two installations on different projects I finally wrote a blog on the integration. Its simple once you do it. But very hard to get your head around it by yourself. =)

    You should also post it here in the tutorial category.

  • How do I do that? In the tutorials section, I don't get any button to create a new tutorial.

  • vrijvlindervrijvlinder Papillon-Sauvage MVP

    @VipulK said:
    How do I do that? In the tutorials section, I don't get any button to create a new tutorial.

    Just start a new discussion and call it Tutorial for blog integration and a moderator will put it in the Tutorial category...

  • Hi ViPulk.

    I'm trying to auth my Vanilla's users with SSO "provided" by an external script (in PHP) on another WebSite.

    I configured Vanilla as you mentionned in your first post, but I don't know where you found the "connect.php" in your authentication file.

    Moreover, functions.jsconnect.php return me an error (Call to undefined function safeHeader()).

    If you're still alive on this forum, could you help me ? bwdmedia.net, where you leave a tuto, is down...

    Thanks !

Sign In or Register to comment.