Implemented Single Sign On (Connect XF with XF, WordPress, etc)

Alpha1

Alpha1

Well-known member
It would be really awesome if we would be able to connect multiple XF installs. Or a XF install with Wordpress, Magento, MediaWiki, etc.
Members would be able to use multiple sites and scripts with the same login or while they keep being logged in.

XF 2.1 has a REST API. Please extend this to OAuth (Open Authentication)

Remarks from the REST API suggestion thread:
RickM said:
- Remote user authentication by calling direct to the authentication system without having to reload or redirect people
Click to expand...

feldon30 said:
There is still no outside script that can say "Log this user into XenForo". All the APIs I've seen require you to pass the login/email and password. Well, what if I don't have/store their password? Or what if I don't want to store the user's password in XenForo's database? What if I don't want to send that information across a domain? I should be able to have an outside script just TELL XenForo "user with e-mail address X should now be considered logged in!"

If you want to read just how painful it currently is to integrate XenForo with a third-party script that will be handling all the authentication, read here:
https://xenforo.com/community/threads/login-logout-register-from-outside-xenforo.65878/#post-709906
Click to expand...
DeltaHF said:
I can only imagine the explosion of apps and third-party integrations that would be released...

It would be so cool to see what gets built. And OAuth authentication... ah, the possibilities!
Click to expand...
 
Upvote 346
This suggestion has been implemented. Votes are no longer accepted.
otto said:
... but only for people they can code such things. ;-)

All non devs, lifes better with some options as core function in a next release I think. :)
Click to expand...
"Non-devs" shouldn't tell devs how to dev ;) You'd just get a polished setup script or docker config that is common with an auth or SSO provider with your XF - no need to learn dev. I don't want XF to be yet another SSO provider. Do one thing and do it well; XF is a forum. There are plenty of quality well rounded light weight SSO providers already.
 
giffenk said:
It may make sense for people to understand the difference between "single sign on" and "same sign on". Which one are you asking for?

One of my current clients was very proud that all of their systems offered "single sign on". Nope. They all offered "same sign on". Which was great. Every system used the same set of credentials to gain access. And retained login credentials for "awhile" so that you did not have to relogin to every system every day.

In general Single Sign On solutions are very very complex: SAML is a real pain https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language

Same Sign On is much much easier to achieve.

Which one does your users need? Does your client understand the difference? What do they need?

Same Sign On between Moodle https://moodle.org/ an XF is a trivial modification to a co-existing Moodle system. No changes required on XF as it is the master as far as Moodle is concerned. But in reality Same Sign On allows a pyramid of credentials. Each system is aware of a single upstream system that validates credentials.

ping me if you have questions...
Click to expand...
So this is no longer valid? https://xenforo.com/community/threads/xenforo-with-saml-and-or-auth0.129615/#post-1153789
Trying to figure out how to integrate Ory Kratos and XF in the most proper way.

This would clearly make XF more competitive against other forums, too:
meta.discourse.org

Use Discourse as an identity provider (SSO, DiscourseConnect)

I tried sending the default new user notification after an account is created through SSO, but it doesn’t seem right. That email assumes that the user hasn’t logged in yet. It includes a password reset link that takes the user to a login screen. For an account that’s created through SSO, the...
meta.discourse.org meta.discourse.org

I wonder why devs are so resistant to answer considering we're trying to actually add development efforts to their ecosystem. Just a few replies from them or a bit more docs could help us pull this off... But silents across all related threads from them; not encouraging.

We're all paying customers or else we wouldn't be able to post here yet we can't get any meaningful reply from an XF dev?! Common...
 
Last edited:
Tracy Perry said:
Maybe for the same reason there is in other suggestions that have been out there with no real developer response for over a decade? This one is young at only around 5 years. 🤡
Click to expand...
I think the correct answer to this question is that this is not a thread. This is a suggestion and the only desired responses by the developers are like and suggestions for further improvements in the original suggestion. We will create our own SSO for our situation as I believe others have already done for their own situation.

We have spent a great deal of time and money to provide this and we are not done. XenForo has made improvements in the create user and login endpoints in the API, I believe.
 
Implemented in 2.3.

xenforo.com

XF 2.3 - Single sign on and more with OAuth2 in XenForo 2.3

We're approaching the conclusion of the 'Have you seen...?' series for XenForo 2.3. While it may seem like a bittersweet moment, we've intentionally saved one of the most exciting revelations until last. In the upcoming weeks, we might delve into a few more miscellaneous changes and improvements...
xenforo.com xenforo.com
 

Similar threads

SpecialK
  • Solved
XF 2.2 Best way to handle forced login via connected account?
Replies
8
Views
720
mattrogowski
mattrogowski
K
  • Suggestion Suggestion
Allow multiple connected account providers of type XenForo
Replies
0
Views
355
Kirby
K
N
I Need Custom Xenforo and Wordpress Dev Work
Replies
1
Views
2K
NextBuk
N
Subi888
XF to WP Bridge
Replies
11
Views
1K
Subi888
Subi888
T
XF 2.2 Using XenForo as authentication for other subdomains
Replies
6
Views
2K
techguy12
T
Top Bottom