JForum Single Sign-On Crowd Connector
Apache License 2.0
Code, what code? This one is about re-use!
A jar to enable JForum to recognize Crowd auth token cookies and auto-login/register the user based on the data in Crowd.
Motivation - we use Crowd to manage users for Confluence, Jira, and SVN, and were using the Crowd authenticator to allow Crowd users to login to JForums. However, we wanted a few things beyond that. We wanted single sign-on so the user wouldn't have to sign in again. We wanted users who were removed from Crowd to be unable to login to the forums. We wanted the Crowd group memberships to be synced over to JForum so we can use the groups in Crowd to manage permissions in JForum.
Steps to setup
- Install and setup Crowd. I used version 1.4.3.
- Install and setup JForum. I used version 2.8.1.
- Within Crowd, Add an Application for JForum, with the correct permissions and IPs.
- Download the JForum-SSO-Crowd-Connector.zip file and unzip.
- Unzip the jforum-sso-crowd.zip file within, and copy the resulting com directory into your JForum home/WEB-INF/classes/ directory.
- Copy the crowd.properties file into your JForum home/WEB-INF/classes/ directory.
- Edit the crowd.properties file and set the correct Crowd application username, password, and the Crowd URLs.
- Copy the crowd-integration-client-1.4.jar file from your Crowd/client directory into your JForum home/WEB-INF/lib/ directory. (If you see XFire errors later on, you may need to also install XFire jars and the jars XFire depends on into this location.)
- Edit the JForum home/WEB-INF/config/SystemGlobals.properties to include the lines from the SystemGlobals-additions.properties file.
Optionally you may wish to provide a login link on the forums that points to your primary login page for your Crowd managed SSO applications. To do this, edit JForum home/templates/default/header.htm. Look for the <a id="login" block (line 98-ish). Remove the "&& !sso" part of the logic just above that line, and then edit the href address to your desired login page.
You can create a group in Crowd called "Administration", grant a user membership to that group, login, go to the forums, and access the admin panel using that account. Within there, you can assign Admin rights to any of the group(s) the user belongs to from Crowd. So if you have an existing group you use to identify Admins, you can use that, and then get rid of the Administrators group once you are done.