Single Sign On (Connect XF with XF, WordPress, etc)

Alpha1

Well-known member
It would be really awesome if we would be able to connect multiple XF installs. Or a XF install with Wordpress, Magento, MediaWiki, etc.
Members would be able to use multiple sites and scripts with the same login or while they keep being logged in.

XF 2.1 has a REST API. Please extend this to OAuth (Open Authentication)

Remarks from the REST API suggestion thread:
- Remote user authentication by calling direct to the authentication system without having to reload or redirect people

There is still no outside script that can say "Log this user into XenForo". All the APIs I've seen require you to pass the login/email and password. Well, what if I don't have/store their password? Or what if I don't want to store the user's password in XenForo's database? What if I don't want to send that information across a domain? I should be able to have an outside script just TELL XenForo "user with e-mail address X should now be considered logged in!"

If you want to read just how painful it currently is to integrate XenForo with a third-party script that will be handling all the authentication, read here:
https://xenforo.com/community/threads/login-logout-register-from-outside-xenforo.65878/#post-709906
I can only imagine the explosion of apps and third-party integrations that would be released...

It would be so cool to see what gets built. And OAuth authentication... ah, the possibilities!
 
Upvote 326

DevOops

Member
... but only for people they can code such things. ;-)

All non devs, lifes better with some options as core function in a next release I think. :)
"Non-devs" shouldn't tell devs how to dev ;) You'd just get a polished setup script or docker config that is common with an auth or SSO provider with your XF - no need to learn dev. I don't want XF to be yet another SSO provider. Do one thing and do it well; XF is a forum. There are plenty of quality well rounded light weight SSO providers already.
 

DevOops

Member
It may make sense for people to understand the difference between "single sign on" and "same sign on". Which one are you asking for?

One of my current clients was very proud that all of their systems offered "single sign on". Nope. They all offered "same sign on". Which was great. Every system used the same set of credentials to gain access. And retained login credentials for "awhile" so that you did not have to relogin to every system every day.

In general Single Sign On solutions are very very complex: SAML is a real pain https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language

Same Sign On is much much easier to achieve.

Which one does your users need? Does your client understand the difference? What do they need?

Same Sign On between Moodle https://moodle.org/ an XF is a trivial modification to a co-existing Moodle system. No changes required on XF as it is the master as far as Moodle is concerned. But in reality Same Sign On allows a pyramid of credentials. Each system is aware of a single upstream system that validates credentials.

ping me if you have questions...
So this is no longer valid? https://xenforo.com/community/threads/xenforo-with-saml-and-or-auth0.129615/#post-1153789
Trying to figure out how to integrate Ory Kratos and XF in the most proper way.

This would clearly make XF more competitive against other forums, too:

I wonder why devs are so resistant to answer considering we're trying to actually add development efforts to their ecosystem. Just a few replies from them or a bit more docs could help us pull this off... But silents across all related threads from them; not encouraging.

We're all paying customers or else we wouldn't be able to post here yet we can't get any meaningful reply from an XF dev?! Common...
 
Last edited:
Top