Name

JForum Single Sign-On Crowd Connector

Version

1.1

Product Versions

Crowd v1.4

Author

Devon Hillard

Homepage

http://www.digitalsanctuary.com/tech-blog

Price

FREE! Priceless!

License

Apache License 2.0

JavaDocs

 

IssueTracking

 

Download JAR

JForum-SSO-Crowd-Connector.zip

Download Source

Code, what code? This one is about re-use!

Description/Features

A jar to enable JForum to recognize Crowd auth token cookies and auto-login/register the user based on the data in Crowd.

Motivation - we use Crowd to manage users for Confluence, Jira, and SVN, and were using the Crowd authenticator to allow Crowd users to log in to JForum. However, we wanted a few things beyond that. We wanted single sign-on so the user wouldn't have to sign in again. We wanted users who were removed from Crowd to be unable to log in to the forums. We wanted the Crowd group memberships to be synced over to JForum so we can use the groups in Crowd to manage permissions in JForum.

Steps to set up

  • Install and set up Crowd. I used version 1.4.3.
  • Install and set up JForum. I used version 2.8.1.
  • Within Crowd, add an application for JForum, with the correct permissions and IPs.
  • Download the JForum-SSO-Crowd-Connector.zip file and unzip.
  • Unzip the jforum-sso-crowd.zip file within, and copy the resulting com directory into your JForum home/WEB-INF/classes/ directory.
  • Copy the crowd.properties file into your JForum home/WEB-INF/classes/ directory.
  • Edit the crowd.properties file and set the correct Crowd application username, password, and the Crowd URLs.
  • Copy the crowd-integration-client-1.4.jar file from your Crowd/client directory into your JForum home/WEB-INF/lib/ directory. (If you see XFire errors later on, you may need to also install XFire jars and the jars XFire depends on into this location.)
  • Edit the JForum home/WEB-INF/config/SystemGlobals.properties to include the lines from the SystemGlobals-additions.properties file.

Optionally you may wish to provide a login link on the forums that points to your primary login page for your Crowd managed SSO applications. To do this, edit JForum home/templates/default/header.htm. Look for the <a id="login" block (line 98-ish). Remove the "&& !sso" part of the logic just above that line, and then edit the href address to your desired login page.

You can create a group in Crowd called "Administration", grant a user membership to that group, log in, go to the forums, and access the admin panel using that account. Within there, you can assign Admin rights to any of the group(s) the user belongs to from Crowd. So if you have an existing group you use to identify Admins, you can use that, and then get rid of the Administrators group once you are done.
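A post-install check for the steps above, as an added example that is not part of the connector or of JForum. It takes the JForum home directory and the SystemGlobals-additions.properties file as arguments, compares the additions line by line (an assumption about how they were merged), and flags a world-readable crowd.properties because that file holds the Crowd application password.

```python
import os
import stat

# Paths relative to the JForum home directory, taken from the setup steps.
REQUIRED = [
    "WEB-INF/classes/com",
    "WEB-INF/classes/crowd.properties",
    "WEB-INF/lib/crowd-integration-client-1.4.jar",
    "WEB-INF/config/SystemGlobals.properties",
]

def _settings(path):
    """Return the non-blank, non-comment lines of a properties file."""
    with open(path, encoding="utf-8") as fh:
        lines = (line.strip() for line in fh)
        return [l for l in lines if l and not l.startswith(("#", "!"))]

def check_install(jforum_home, additions_file):
    """Return a list of problems; an empty list means the layout is complete."""
    problems = []
    for rel in REQUIRED:
        if not os.path.exists(os.path.join(jforum_home, rel)):
            problems.append("missing: " + rel)

    # Every line of the additions file should appear in SystemGlobals.properties.
    globals_file = os.path.join(jforum_home, REQUIRED[3])
    if os.path.isfile(globals_file):
        present = set(_settings(globals_file))
        for line in _settings(additions_file):
            if line not in present:
                problems.append("not merged into SystemGlobals.properties: " + line)

    # crowd.properties holds the Crowd application password, so it should
    # not be readable by every local account.
    props = os.path.join(jforum_home, REQUIRED[1])
    if os.path.isfile(props) and os.stat(props).st_mode & stat.S_IROTH:
        problems.append("world-readable: " + REQUIRED[1])
    return problems

if __name__ == "__main__":
    import sys
    # Usage: python check_install.py <JForum home> <SystemGlobals-additions.properties>
    for problem in check_install(sys.argv[1], sys.argv[2]):
        print(problem)
```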


8 Comments

  1. The JForum administrative group that needs to be created in Crowd is actually named "Administration."

    Made me scratch my head a few times before I had a peek at the JForum database. (wink)

     -Juha

    1. Fixed! Good catch! Sorry about that.

  2. To get SSO working with JForum and Confluence, do you need to use a specific SSO authenticator for Confluence as well as your SSO Authenticator for JForum? If so, what authenticator is required?

    Cheers
    Adrian

    1. You just set up Confluence using the Crowd auth/SSO documentation. We're currently running Crowd, Confluence, Jira, and JForums, and SSO works across them all.

  3. Hi there,
    looking at this, and relatively new to Crowd, I have Confluence configured using Crowd, working fine. I've got JForum loaded, but it doesn't seem to be 'getting' the fact I've logged in under Confluence. Can you clarify the use of the following crowd.properties values? From what I can see, this class is looking for 'crowd.token_key', which I believe is set here:

    ...
    session.isauthenticated     session.isauthenticated
    session.tokenkey            crowd.token_key
    session.validationinterval  5
    session.lastvalidation      session.lastvalidation
    

    Every time the JForum index page loads I get:

    2008-07-10 18:35:57,788 ERROR [STDERR] 10-Jul-2008 18:35:57 com.digitalsanctuary.jforum.CrowdSSO isSessionValid
    INFO: isSessionValid entered.
    2008-07-10 18:35:57,788 ERROR [STDERR] 10-Jul-2008 18:35:57 com.digitalsanctuary.jforum.CrowdSSO getCrowdTokenKey
    WARNING: crowdTokenCookie is null.
    2008-07-10 18:35:57,788 ERROR [STDERR] 10-Jul-2008 18:35:57 com.digitalsanctuary.jforum.CrowdSSO isSessionValid
    INFO: isSessionValid: crowdSessionToken: null
    2008-07-10 18:35:57,804 ERROR [STDERR] 10-Jul-2008 18:35:57 com.digitalsanctuary.jforum.CrowdSSO isSessionValid
    INFO: isSessionValid: crowdToken: null
    2008-07-10 18:35:57,804 ERROR [STDERR] 10-Jul-2008 18:35:57 com.digitalsanctuary.jforum.CrowdSSO isSessionValid
    INFO: isSessionValid: returning: false
    2008-07-10 18:35:57,804 ERROR [STDERR] 10-Jul-2008 18:35:57 com.digitalsanctuary.jforum.CrowdSSO authenticateUser
    INFO: Entering authenticateUser method
    2008-07-10 18:35:57,804 ERROR [STDERR] 10-Jul-2008 18:35:57 com.digitalsanctuary.jforum.CrowdSSO getCrowdTokenKey
    WARNING: crowdTokenCookie is null.
    2008-07-10 18:35:57,819 ERROR [STDERR] 10-Jul-2008 18:35:57 com.digitalsanctuary.jforum.CrowdSSO authenticateUser
    WARNING: Failed to find com.atlassian.crowd.model.token.Token with key: null
    2008-07-10 18:35:57,819 ERROR [STDERR] 10-Jul-2008 18:35:57 com.digitalsanctuary.jforum.CrowdSSO authenticateUser
    INFO: Returning username: null
    

    Are specific values expected in participating applications / crowd.properties files?

    1. Hi Andy,

      It looks like you may have the domain of the Crowd cookie set incorrectly - it looks like the JForum integration can't read it from the session. For more, see http://confluence.atlassian.com/display/CROWD/Domain

      1. Hi David. Well, I did a vanilla Crowd 1.4.4 install, I have Confluence 2.8.2 with Crowd authenticator in place and working, yet I still get this error with JForum. All apps are running on localhost / MySQL, I haven't set up any specific domain, my understanding is that from localhost all will be good (one domain).

        I've checked the default crowd.properties, they all come with crowd.tokenkey whereas this connector has a constant defined as crowd.token_key, which may be the problem. I have yet to rebuild and test, tomorrow...

        1. Hi Andy,

          That could explain it (smile) Let me know how you go...

          Dave.
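
A diagnostic for the two causes raised in the thread above (the cookie is not sent at all, or it is sent under a different name), as an added example that is not part of the original page or of the connector's code. It assumes the connector looks up the cookie named by `session.tokenkey`, as the commenter believes; the properties text and Cookie header are constructed samples.

```python
import re

def parse_properties(text):
    """Map key -> value; accepts '=', ':' or whitespace as the separator."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^#!=:\s][^=:\s]*)\s*[=:\s]\s*(.*?)\s*$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def cookie_names(cookie_header):
    """Cookie names only; token values are never returned or logged."""
    parts = (p.strip() for p in cookie_header.split(";"))
    return [p.split("=", 1)[0].strip() for p in parts if p]

def _fold(name):
    # Ignore case and punctuation so crowd.tokenkey matches crowd.token_key.
    return re.sub(r"[^a-z0-9]", "", name.lower())

def diagnose(expected, cookie_header):
    """Classify why a lookup of the `expected` cookie would return null."""
    names = cookie_names(cookie_header)
    if expected in names:
        return ("present", expected)
    for name in names:
        if _fold(name) == _fold(expected):
            return ("name-mismatch", name)  # sent under a different spelling
    return ("absent", None)  # not sent: check the cookie domain or the login

# Constructed sample: the values quoted in the thread.
CONNECTOR_PROPS = """\
session.isauthenticated     session.isauthenticated
session.tokenkey            crowd.token_key
session.validationinterval  5
"""
# Constructed request header; the token value is a placeholder.
COOKIE_HEADER = "JSESSIONID=CONSTRUCTED0001; crowd.tokenkey=CONSTRUCTED-TOKEN"

if __name__ == "__main__":
    expected = parse_properties(CONNECTOR_PROPS)["session.tokenkey"]
    print(expected, diagnose(expected, COOKIE_HEADER))
```

An "absent" result points at cookie scope (the domain setting linked in the thread), while "name-mismatch" points at the key name configured on one side.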