Support for single sign-on engines

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Suggested Hosts
Post Reply
RachunZero
Registered User
Posts: 6
Joined: Fri Oct 22, 2010 7:10 pm

Support for single sign-on engines

Post by RachunZero »

I'm still a novice with phpBB, but I can already see that you may wish to review the way your product authenticates.

I think what you'll see more and more is a separation of authentication (and sometimes authorization) from the application itself.

Many products already provide single sign-on via Apache modules or ISAPI filters. For example, SiteMinder, Ping, and Oracle SSO. What these tools do is intercept web requests, authenticate users via redirects, then redirect the user back to the original site with headers containing the user information. They are much more secure than application-based authentication.

A site using such an SSO module can either have embedded logic to process the user information or can pass the user information to another engine which does fine-grained authorization.

I think there are two things that phpBB needs to support such systems.

First, it needs to separate the user identifier from the display name. The "key" to the user should ideally be a one-way hashed GUID (to allow for certain privacy standards). The display name would either come from the sso header or from a user preference.

The second thing needed is that the idea of logging on must be totally configurable. The sso module does that. phpBB only needs to consume the variables and set the user context.

I hope that makes a bit of sense. :)
Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve
Contact:

Re: Support for single sign-on engines

Post by Pony99CA »

RachunZero wrote:I'm still a novice with phpBB, but I can already see that you may wish to review the way your product authenticates.
I like how you assume that they haven't thought about this. Have you searched for something like OpenID here?

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.
User avatar
Truemedia
Registered User
Posts: 150
Joined: Fri Oct 03, 2008 2:21 pm
Location: Castleford, West Yorkshire

Re: Support for single sign-on engines

Post by Truemedia »

Also JFusion, and the drupal integration the phpbb team are preparing themselves.
PM me about any topics I have made if you have any questions about them. I'm available for paid hire on creating mods and styles for phpBB, or configuration/installation - PM for quote
Other open source project forums I'm on: Area51
Post Reply

Return to “phpBB Discussion”