Problem with single sign-on / automatic login from 3rd party application

Need some custom code changes to the phpBB core simple enough that you feel doesn't require an extension? Then post your request here so that community members can provide some assistance.

NOTE: NO OFFICIAL SUPPORT IS PROVIDED IN THIS SUB-FORUM
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

NOTE: NO OFFICIAL SUPPORT IS PROVIDED IN THIS SUB-FORUM
Post Reply
jsargent4039
Registered User
Posts: 4
Joined: Fri Aug 23, 2019 5:08 pm

Problem with single sign-on / automatic login from 3rd party application

Post by jsargent4039 »

Hi all,

We have a 3rd party application (Learning Management System, AKA LMS) for which we have integrated phpBB as a discussion board component. We developed some PHP code that allows single sign on so that a student can log into our LMS and then get redirected to the correct phpBB forum and topic post bypassing the login prompt. This code seems to work just fine in the Firefox browser, but does not seem to work in Chrome, Internet Explorer 11, or Edge browsers. We are wondering if anyone has seen a problem like this before? We are currently using phpBB version 3.2.7 with a SQL Server database.

Without getting into the specific code we are using, the general process we are using is:
1. Check that the user's username and password is found in the users table and is correct. If OK, proceed, if not error out.
2. Check the session keys table based on user ID and last IP used. If no record found, add a record for the current user ID and IP address (involves generating a key ID which is a session ID).
3. Check the sessions table based on user ID and IP address. If no record found, create one and make sure that autologin is set to true (1). If record is found, make sure that autologin is set to true (1).
4. Create browser cookies as follows: "u" which is the user ID, "k" which is the key ID generated earlier, and "sid" which is the session ID generated earlier
5. Get the redirect URL (created by the LMS that includes a link to the topic in the correct forum and is passed into the code via POST) and append the session ID and redirect the browser to that URL.

Any ideas/suggestions? I'm thinking the issue may have something to do with the code that creates the browser cookies since that is something that could be handled differently by different browsers whereas all the other code is back end and should not be affected by the browser.
Post Reply

Return to “phpBB Custom Coding”