mojo and SSO

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

Please do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This forum is for discussing mojoPortal development

You can monitor commits to the repository from this page. We also recommend developers to subscribe to email notifications in the developer forum as occasionally important things are announced.

Before posting questions here you might want to review the developer documentation.

Do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This thread is closed to new posts. You must sign in to post in the forums.

8/18/2008 1:28:05 PM

cbae

Total Posts 45

View Posts

mojo and SSO

I'm trying to implement SSO, and need to share role information with another application that's deployed as a virtual folder (i.e. same domain name as mojo but different IIS application pool). Is there anyway (apart from modifying core class files) to call custom, post-authentication code so that the user role information can be stored in a cookie?

8/18/2008 2:03:52 PM

Joe Audette

Total Posts 18439

View Posts

Re: mojo and SSO

In order to give a good answer to a question like this I would need more detail about what you are trying to accomplish described like a use case, and also you must tell me what modifications you would make to the core to achieve it. Then I can better understand and possibly offer some guidance to accomplish the same thing without touching the core.

One thing I can say is, if your other app is running in the same domain then it should be able to read the cookies set by mojoportal. mojoPortal already stores roles in a cookie and you could potentially read this cookie from another app in the same domain.

You can find some example logic where roles are read from and added to a cookie in Web/Components/mojoRoleProvider.cs

Hope it helps,

Joe

8/18/2008 2:54:58 PM

cbae

Total Posts 45

View Posts

Re: mojo and SSO

Actually, grabbing the roles from mojo's default role cookie is only part of the problem. I also need to get the email address of the logged in user because that is the user name that is used by the other system. I tried creating a user with the same username as the email address, but the user name is altered when it gets stored in the database. A user name created as "name @ domain.com" is stored as "name.domain.com" (i.e. the @ is changed to a period).

8/18/2008 3:02:05 PM

Joe Audette

Total Posts 18439

View Posts

Re: mojo and SSO

If you use email for login in the mojoPortal site, then the user email address will already be in the identity cookie and can be obtained in mojoPortal code by Context.Request.Identity.Name, so maybe it could also be obtained within the other app in the same domain.

There are some reasons in mojoportal why we don't want the user name to be the same as the email, thats why we replace the @ with .

I could possibly implement a plugin system for user login event similar to user registered event so you could run some logic that sets extra cookies that are easier to track from your other app. Let me know if that would help and if so I'll try to do it in the next few weeks.

Hope it helps,

Joe

8/18/2008 4:13:21 PM

cbae

Total Posts 45

View Posts

Re: mojo and SSO

That helps a lot. Thanks!

8/19/2008 5:59:52 AM

Joe Audette

Total Posts 18439

View Posts

Re: mojo and SSO

Ok, I will implement this and post again when its done. First I have to finish preparing my product release and then I have some other community contributions I need to review and integrate and then I will implement this plugin system for login event. It really should only take an hour to do it.

If 2 weeks go by and I have not posted indicating this is done, then feel free to post again and remind me.

Best,

Joe

8/23/2008 2:12:42 PM

cbae

Total Posts 45

View Posts

Re: mojo and SSO

Thanks, Joe! This new feature will definitely come in handy. In the mean time, I've been using the "portalroles" cookie as you suggested, but the ability to read the value from the redirected application has been kind of hit or miss depending on the user's browser configuration. At first, I thought that it might have been due to cookies being disabled on the client, but mojo Portal won't even work with cookies disabled. I personally turned off cookies to test it, and after login I'm immediately redirected to the login page. The redirected application has been deployed in a virtual folder of the mojo Portal root folder, so there should be no problem with accessibility. BTW, most of the users that have had problems are using some flavor of AOL browser. Do you know of any incompabilities between mojo Portal and AOL browsers/

8/24/2008 5:27:27 AM

Joe Audette

Total Posts 18439

View Posts

Re: mojo and SSO

I don't use AOL so I don't know anything about their browsers. I test with mainstream browsers IE, Firefox, and Safari.

Probably their browser is some version of IE with their custom toolbar installed. Sometimes these toolbars, even google toolbar have been known to block cookies. I would poke around in the settings and look for any kind of privacy guard or privacy settings as these are usually the ones that block cookies. It may be allowing the authentication cookie but blocking other cookies.

Best,

Joe

8/28/2008 1:27:28 PM

Joe Audette

Total Posts 18439

View Posts

Re: mojo and SSO

I implemented support for UserSignInEventHandlerProviders today. It will be in svn trunk by late tonight.

Documentation for it is here.

Best,

Joe

8/13/2010 3:59:42 AM

pmax

Total Posts 1

View Posts

Re: mojo and SSO

Hello,

First of all I would like to express great impressions for huge effort and great product.

While I was reading previous posts on this topic I realized that I need some functionality in a little bit different scenario, so I would like to ask you for some help.

1) I'm trying to integrate my legacy application with mojo portal (actually I need to provide "forums" functionality within my legacy application). Existing legacy application is based on .NET 3.5 and uses forms authentication with role based security, where users are being maintained within SQL Sever DB. What I need is when the user (with registration email and password) signs in to my legacy application to have him also automatically signed within mojo portal so he could use the functionality of mojo forums (forums are pre-created by mojo admin, this should not depend on users from legacy app nor users from mojo portal). This way users just would need to sign into legacy application and they would have been presented with the link toward mojo forums in order to create/reply on topics/posts. This all is why I need SSO in direction "legacy system -> mojo portal". Until now I've set the forms authorization's cookie and the domain level on cookie within legacy application and also I've set the same machine keys (validation key and decription key) within the web configs of legacy application and mojo portal, but this yealded to no results. Within mojo portal the user is still not authenticated.

2) What is the best way to maintain users from legacy application to corresponding users from mojo portal? Should I create the users with the same email/password directly within mojo DB (from legacy application's DAL) or is it better to use some mapping table between legacy application and mojo portal users? Finally, is this intended to be used in some other way, what are the best practises from your experience?

Thanks in advance.

pmax.

You must sign in to post in the forums. This thread is closed to new posts.