JForum SSO (single sign-on) and Atlassian Crowd

Home/Java, Security/JForum SSO (single sign-on) and Atlassian Crowd

Over at our new ATG Developer Community site, we’re using Atlassian Crowd to manage our user accounts, groups, and single sign-on (SSO) between Jira, Confluence, to manage Subversion authentication, and to handle the forums (JForum) user accounts.

There was an example on how to integrate JForum and Crowd, which works pretty well. When you login to the forum, it checks Crowd and creates a local account if needed and logs you in.

However, we want single sign-on (SSO) so that our users don’t need to login to the forums separately. We also want group membership in Crowd to be reflected in JForum to allow us to manage permissions based on Crowd managed groups.

I’ve written a JForum SSO implementation that ties into Crowd that I’m going to share here. It’s version 1.1 (just added group sync), but it seems to work nicely.

Download the zip file here:
jforum-crowd-sso

unzip it into your jforum/WEB-INF/classes/ directory.

You have to install the crowd client jar, and the crowd.properties file.

You may also need to install the xfire jars if you get errors. I did.

Then you need to setup the sso configuration in the jforum/WEB-INF/config/SystemGlobals.properties

like this:

authentication.type=sso
sso.implementation = com.digitalsanctuary.jforum.CrowdSSO
sso.redirect = your crowd managed app login page
sso.crowd.syncGroups=false

That last flag should be set to true if you would like the user’s groups synced from Crowd to JForum at auth time. This takes a second, so I made it optional. It does not push JForum group membership info to Crowd, it just syncs Crowd data down, as Crowd should be your master directory for that type of data.

The source code is available here for now:

CrowdSSO.java

-EDIT-

Added a full downloadable module and installation instructions here:

http://confluence.atlassian.com/display/CROWDEXT/JForum+Single+Sign-On+Crowd+Connector

By | 2017-05-18T15:17:27+00:00 June 8th, 2008|Java, Security|4 Comments

About the Author:

4 Comments

  1. Bookmarks about Sso August 6, 2008 at 4:30 pm - Reply

    […] – bookmarked by 4 members originally found by kie on 2008-07-26 JForum SSO (single sign-on) and Atlassian Crowd http://www.digitalsanctuary.com/tech-blog/java/jforum-sso-single-sign-on-and-atlassian-crowd.html […]

  2. Zak April 3, 2012 at 2:23 am - Reply

    Love the fact that this is possible, however our crowd is allowing me to login to confluence but I cant get the SSO to work on the jforum aspect, followed the instructions on both this page and the atlassian knowledge article however it doesnt show any outward sign of going off to the crowd server to retrieve my username and password.

    does it matter where in the systemGlobals.properties file I place your additional lines?

  3. Zak April 3, 2012 at 3:28 am - Reply

    I think I have gone onto the next step now: instead of appending the code into the SystemGlobals.properties file I have added it to the jforum-custom.conf file and that appears to have taken me one step further, however I now get error 500 whenever I access the forum:

    type Exception report

    message

    description The server encountered an internal error () that prevented it from fulfilling this request.

    exception

    javax.servlet.ServletException: Servlet execution threw an exception
    net.jforum.util.legacy.clickstream.ClickstreamFilter.doFilter(ClickstreamFilter.java:59)

    root cause

    java.lang.NoClassDefFoundError: com/atlassian/crowd/integration/service/soap/client/SecurityServerClientFactory
    com.digitalsanctuary.jforum.CrowdSSO.authenticateUser(CrowdSSO.java:76)
    net.jforum.ControllerUtils.checkSSO(ControllerUtils.java:223)
    net.jforum.ControllerUtils.refreshSession(ControllerUtils.java:285)
    net.jforum.JForum.service(JForum.java:158)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    net.jforum.util.legacy.clickstream.ClickstreamFilter.doFilter(ClickstreamFilter.java:59)

    looks like something is missing from your code for later versions of the jforum application, im using 2.1.9. I know this blog post is pretty old, but any chance you could send me in the right direction?

    • Devon April 3, 2012 at 6:54 am - Reply

      I’m sorry, but we’re no longer using JForum so I haven’t kept any of the code up-to-date. If you do find a fix, please share the solution here if you would! Thanks.

Leave A Comment