How to implement Single sign on

You can integrate Codoforum with your existing user login system using SSO.
Codoforum uses JSONP to make cross-domain single sign on possible.

The requests between your website and codoforum is secured by a shared security key.


Setting up the sso plugin

Step 1 - Installation

Install the Single sign on plugin from Codoforum backend -> Plugins


Step 2 - Configuration

Click on Settings link for the Single sign on plugin to enter the settings page.

forum SSO settings

Here is a basic rundown of all the inputs required on the settings page.

SSO name

This should be the name of the website. It is used by the uni_login plugin.

SSO Client ID

This is a public key and can be any valid string. It is recommended that you use your forum name here.

SSO Secret

This is the private security key which will be shared by your website and codoforum. It can be any valid string.

SSO Get User Path

Codoforum will make the jsonp request to this path to get the logged in user details.

SSO Login User Path

The link to your website login form. For eg. http://mywebsite.com/login.php

Additionaly, you can add a parameter at the end so that your website knows that the request has come from codoforum.
i.e http://mywebsite.com/login.php?referrer=codoforum

Then, you can then check if $_GET['referer'] === 'codoforum' and redirect the user back to codoforum after he logs in your website.
All this will help improve user experience.

SSO Logout User Path

This is your website's user logout link.
You can again do the same as done for login to redirect the user back to codoforum after logout.

SSO Register User Path

The link to your website's user register form.



Creating your sso integrator

Download/fork the skeleton sso integrator from here: https://github.com/evnix/codoforum-sso

Now, you only have to edit and upload the file client.php and sso.php to your server(website) but do not edit sso.php.

The client.php file is heavily documented to help you with the setup.

Make sure the code in the file is executed only when Codoforum requests for the SSO Get User Path as defined above in SSO plugin settings.

Thats it folks.

© CODOFORUM 2018. All Rights Reserved.