Implemented Single Sign On (Connect XF with XF, WordPress, etc)

Alpha1

Well-known member
It would be really awesome if we would be able to connect multiple XF installs. Or a XF install with Wordpress, Magento, MediaWiki, etc.
Members would be able to use multiple sites and scripts with the same login or while they keep being logged in.

XF 2.1 has a REST API. Please extend this to OAuth (Open Authentication)

Remarks from the REST API suggestion thread:
- Remote user authentication by calling direct to the authentication system without having to reload or redirect people

There is still no outside script that can say "Log this user into XenForo". All the APIs I've seen require you to pass the login/email and password. Well, what if I don't have/store their password? Or what if I don't want to store the user's password in XenForo's database? What if I don't want to send that information across a domain? I should be able to have an outside script just TELL XenForo "user with e-mail address X should now be considered logged in!"

If you want to read just how painful it currently is to integrate XenForo with a third-party script that will be handling all the authentication, read here:
https://xenforo.com/community/threads/login-logout-register-from-outside-xenforo.65878/#post-709906
I can only imagine the explosion of apps and third-party integrations that would be released...

It would be so cool to see what gets built. And OAuth authentication... ah, the possibilities!
 
Upvote 346
This suggestion has been implemented. Votes are no longer accepted.
... but only for people they can code such things. ;-)

All non devs, lifes better with some options as core function in a next release I think. :)
"Non-devs" shouldn't tell devs how to dev ;) You'd just get a polished setup script or docker config that is common with an auth or SSO provider with your XF - no need to learn dev. I don't want XF to be yet another SSO provider. Do one thing and do it well; XF is a forum. There are plenty of quality well rounded light weight SSO providers already.
 
It may make sense for people to understand the difference between "single sign on" and "same sign on". Which one are you asking for?

One of my current clients was very proud that all of their systems offered "single sign on". Nope. They all offered "same sign on". Which was great. Every system used the same set of credentials to gain access. And retained login credentials for "awhile" so that you did not have to relogin to every system every day.

In general Single Sign On solutions are very very complex: SAML is a real pain https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language

Same Sign On is much much easier to achieve.

Which one does your users need? Does your client understand the difference? What do they need?

Same Sign On between Moodle https://moodle.org/ an XF is a trivial modification to a co-existing Moodle system. No changes required on XF as it is the master as far as Moodle is concerned. But in reality Same Sign On allows a pyramid of credentials. Each system is aware of a single upstream system that validates credentials.

ping me if you have questions...
So this is no longer valid? https://xenforo.com/community/threads/xenforo-with-saml-and-or-auth0.129615/#post-1153789
Trying to figure out how to integrate Ory Kratos and XF in the most proper way.

This would clearly make XF more competitive against other forums, too:

I wonder why devs are so resistant to answer considering we're trying to actually add development efforts to their ecosystem. Just a few replies from them or a bit more docs could help us pull this off... But silents across all related threads from them; not encouraging.

We're all paying customers or else we wouldn't be able to post here yet we can't get any meaningful reply from an XF dev?! Common...
 
Last edited:
Maybe for the same reason there is in other suggestions that have been out there with no real developer response for over a decade? This one is young at only around 5 years. 🤡
I think the correct answer to this question is that this is not a thread. This is a suggestion and the only desired responses by the developers are like and suggestions for further improvements in the original suggestion. We will create our own SSO for our situation as I believe others have already done for their own situation.

We have spent a great deal of time and money to provide this and we are not done. XenForo has made improvements in the create user and login endpoints in the API, I believe.
 
Implemented in 2.3.

 
Back
Top Bottom