JForum: SSOCookies

Many improvements were made, and bugs were fixed.

Details | Download

Is JForum useful for you? Please consider helping this project.


	Home Forum Documentation How do I install JForum? How to contribute Getting help Log in - Wiki

HowToContribute > Jira > SSOremote > AttachmentConfigurations > JForum3DevelpmentProcess > JForum3HowToHelp > JForum3SourceCode > Migration > StatisticsVersionInformationOnlineUsers > NewFeatures2.1.8 > SSOCookies

Using a cookie for SSO.

The simplest aproach with SSO cookies is to have the expiration (setMaxAge) to -1, this will make it a session cookie. If you provide ; remember me on this computer type function set expiration to some large number e.g. 60*60*24*365.

This is just an example. CookieSSO does not exist in JForum by default.

Using an existing login cookie

Use the method when you already have a login cookie with the value set to the username.

Ensure all other SSO related settings are at default values in the SytemGlobals.properties file. The following will enable an exisiting cookie for SSO.

authentication.type=sso
sso.implementation=net.jforum.sso.CookieUserSSO
sso.redirect=http:/mysite.blah/login.jsp # change
sso.cookie.name=myAutoLogin # change

When a redirect is sent to your login page you can display a message (sso.redirect.error) using the request parameter error.


1 ...

2 String redirect = request.getParameter("jforum_redirect");

3 if (redirect != null) login_message = request.getParameter("error");

4 ...

You should also check the redirect parameter in your login action, as you will want to send the user to the correct page once logged in:


1 ...

2 if (redirect != null && redirect.trim().length() > 0)

3          response.sendRedirect(redirect);

4 ...

Set sso.cookie.path if your login cookie path is not set to root path, i.e. "/".

Using the default SSO cookie

Use this method when you don't have a login cookie with value set to username.

Providing all other SSO related settings are at default values in the _SytemGlobals.properties_ file the following will enable the SSO cookie.

authentication.type=sso
sso.implementation=net.jforum.sso.CookieUserSSO
sso.redirect=http:/mysite.blah/login.jsp # change

When a redirect is sent to your login page you can display a message (sso.redirect.error) using the request parameter error.


1 ...

2 String redirect = request.getParameter("jforum_redirect");

3 if (redirect != null) login_message = request.getParameter("error");

4 ...

You need to alter your web-site login action to set the cookie username when your user logs in:


1 ...

2 Cookie cookie = new Cookie("JforumSSO", user.getUsername());

3 cookie.setMaxAge(-1) // session cookie, or set to positive number.

4 response.addCookie( cookie );

5 ...

You should also check for a redirect parameter as you will want to send the user to the correct page once logged in:

Plugin insertion failed: Could not find plugin Java2Html

Finally, update your logout action to remove the cookie.


1 ...

2 Cookie cookie = new Cookie("JforumSSO", "");

3 cookie.setMaxAge(0) // delete the cookie.

4 response.addCookie( cookie );

5 ...

My auto login cookie contains email adress or numeric id?

If your existing login cookie contains some other data then see the example in implement your own SSO class, which deals with a case of email address in cookie. You should be able to apply the same approach for any situation.

or simply use the defaul cookie, which saves you having to rebuild JForum.