Jump to content


Photo
- - - - -

A question about SSO hooking


  • Please log in to reply
3 replies to this topic

#1 MarsV

MarsV

    IPB Newbie

  • Visitors
  • Pip
  • 2 posts

Posted 25 July 2012 - 03:43 PM

When a site implements a custom SSO class to authenticate against some external resource, what happens when a user changes his or her password? Does it simply change the IPB stored hash or does it make a call to the SSO class to 'alert' it to the password change?

#2 bfarber

bfarber

    RBT-KS

  • IPS Management
  • 28,640 posts

Posted 25 July 2012 - 03:51 PM

There are many ways you can go about implementing SSO, especially since you typically write the PHP code to handle the process yourself.

That said, typically you would
  • Write an SSO hook to handle recognizing if the user is logged in to the front end, and automatically logging them into the forum if so
  • Write a login module to handle authenticating against the front end
  • The login module can redirect change password and email requests to the front end
When a user goes to change their password, they'll have to do it on the front end. In this type of setup, you never even need to store a valid password in IPB, because all authentication (SSO and actual logins) occur by checking the front end.

Brandon Farber
Development Manager / Senior Support

If it sounds like fun, it's not allowed on the bus!

php5_zce_logo_new.gif     

Invision Power Services, Inc.


#3 MarsV

MarsV

    IPB Newbie

  • Visitors
  • Pip
  • 2 posts

Posted 25 July 2012 - 03:59 PM

So with a custom SSO class, is it required for me to handle session state, or can one simply overload the password check/change functions? It would be nice if the example code located here was a bit more complete, but then again I'm pretty clueless at the moment seeing how I've been researching IPB for only a matter of an hour or so :)

#4 bfarber

bfarber

    RBT-KS

  • IPS Management
  • 28,640 posts

Posted 26 July 2012 - 07:16 AM

So with a custom SSO class, is it required for me to handle session state, or can one simply overload the password check/change functions? It would be nice if the example code located here was a bit more complete, but then again I'm pretty clueless at the moment seeing how I've been researching IPB for only a matter of an hour or so :smile:


Typically, when we write an SSO plugin, we overload the create guest session and update guest session methods. When these methods are reached it means that IP.Board does not recognize the user presently as logged in. Within the overloaded code, we would call out to the front end to validate if the user is logged in there, and then log the user into the forums if so. On the next page load, no callout is done since the user is recognized locally (as a result of logging the user in during the previous step). This helps save resources as the forums do not need to make a callout to the front end on every single page load (only for guests).

Brandon Farber
Development Manager / Senior Support

If it sounds like fun, it's not allowed on the bus!

php5_zce_logo_new.gif     

Invision Power Services, Inc.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users