Implementing SSO and authentication

Clay Gordon
Clay Gordon
@claygordon
2 months ago
733 posts
I have a Ghost site at domain.com and I want to implement SSO to my jamroom site at sub.domain.com. Ghost does not have the equivalent of Jamroom forums and I want to make the Jamroom forums available to all members (signups are turned off on my Jamroom site) – even as an archive the traffic is strong and there are about 12,000 posts in the Forum that, right now, are read-only for new visitors.

When someone signs up at ghost it will trigger a webhook event (members.added) and a middleware SSO app will listen to that request & pass it on to JR & a new members account and profile will be created. (There will be a custom sign-up link on the JR side that is passed to the Ghost signup form.)

We are looking at implementing a shared cookie approach as has been recommended but there are questsions about how the authentication mechanism on the jamroom side that I will be posting here. Any general direction on where to look (I have searched the documentation) will be helpful.
michael
@michael
2 months ago
7,698 posts
Normally for single sign on we suggest using the existing OneAll module
https://www.jamroom.net/the-jamroom-network/networkmarket/47/oneall-social

then they can use the same login on both sites = Single Sign On.

But it sounds like you're looking for something different in getting it to seam like the sites are not different but the same.

My first thought is disable login on the jamroom site, only enable it on the other system then add a listener

Docs: Events and Listeners
https://www.jamroom.net/the-jamroom-network/documentation/module-developer-guide/1011/events-and-listeners

to the jamroom side that picks up on anyone who is not logged in visiting a page.

The listener reaches out to the other system and requests who they are logged in as. Gets their email address and logs in the user with the same email address or creates the jamroom side user/profile with that info if they've not yet got a jamroom side account.

If they're not logged in on the main site and trying to access a jamroom page I'd probably immediately redirect to the login.

Something like that.

You could reach out on each page load to check the user status or if that was too heavy run a listener on the ten_minute_maintenance event to log out users who had logged out at the main site.
Clay Gordon
Clay Gordon
@claygordon
one month ago
733 posts
As an FYI, my developer is working on a NodeJS service to make it possible to use OneAll with Ghost.

As this is not an JR plug-in, how would I let JR users know that the NodeJS service is available?
michael
@michael
one month ago
7,698 posts
Forum post works, but if you wanted something more substantial make a module for it, something that you can turn on in the ACP, even if its just a wrapper. Then add it to the marketplace either via creating a developer account and supporting it or something else. How would you want to do it?
Clay Gordon
Clay Gordon
@claygordon
one month ago
733 posts
Michael –

I am asking my developer how he wants to proceed. I think the first step is to see if there is any overlap in the Jamroom/Ghost universe. There is already a OneAll module.

He is, of course, going to offer this on the Ghost side, and we can explore how many Ghost users are interested in a connection to Jamroom communities. If it’s just me? Probably not.

Tags