[ProxyConnect] Compatibility issues

binhdo

This discussion is related to the Vanilla Proxyconnect addon.

On a clean installation of v2.01, I receive an error message when enabling ProxyConnect:

Fatal error: Class Gdn_ProxyAuthenticator contains 1 abstract method and must therefore be declared abstract or implement the remaining methods (Gdn_IHandshake::GetUserEmailFromHandshake) in D:\xampp\htdocs\dbtest\community\plugins\ProxyConnect\class.proxyauthenticator.php on line 332

My forum remains inaccessible as long as I manually remove everything related to the plugin and $Configuration['Garden']['Authenticator'] from my config.php.

ellieroepken

I'm having the same problem, and I did the same thing. Then I logged out and I can't get back in.

Tim

I realized sometime last week that there were several issues with ProxyConnect and indeed with all authenticators, that would present themselves down the road. I started working on solutions for these problems and they kind of snowballed into a bigger update than I previously thought. As a result, I missed the 2.0.1 deploy date, so I'll be releasing a new ProxyConnect for 2.0.2 (and first for for 2.0.2a - unstable) shortly.

Sorry for the inconvenience, but I think you'll like the changes :)

udaman

I spent several hours to make this work without success. I was able to follow until Authenticate Url. However, I couldn't proceed in the last section (Finishing Touches) of your documentation. The instruction says
'insert into GDN_UserAuthentication (UniqueID, UserID) values ($YourAdminUsersUniqueID, 1);'
However, UniqueID column doesn't exists in the GDN_UserAuthentication table. Rather two columns-ForeignUserKey and ProviderKey-- exists along with UserID column in the table. The documentation seems to be outdated. I am looking at the white-screen-of-death now.

eleith

for anyone just wanting to get 2.0.1 working with proxyconnector 1.4 look for this line in plugins/ProxyConnect/class.proxyauthenticator.php

   public function GetTokenKeyFromHandshake($Handshake) {
      return '';  // this authenticator doesnt use tokens
   }

and add the following snippet right after it (do not replace it, just append it):

   public function GetUserEmailFromHandshake($Handshake) {
      return ArrayValue('Email', $Handshake, FALSE);
   }

zonymous

Tim,

Thanks for the update. Any idea of a time frame for these updates? I am debating whether or not I should write a custom authenticator for our project or not.

Also, when using ProxyConnect, is there any way to skip the "Give me a new account"/"Link My Existing Account" screen? We just need our existing users to have a new account generated as soon as they are authenticated by ProxyConnect.

Tim

@zonymous I'm hoping for this afternoon or monday. I'll be including that feature in the new version.

@eleith thankyou

zonymous

@Tim Thanks so much for the update.

udaman

@Tim. Will you also update the Finishing Touches section on Wiki where it has the wrong table columns? Thanks!

binhdo

Thanks @Tim, looking forward to any updates...

Desmanthus

Any news on this?

Tim

I just uploaded version 1.6 of ProxyConnect.
This version contains quite a few updates and changes, and is unfortunately not backwards compatible with 2.0.1.

We'll be making 2.0.2 available shortly, but I've left the version requirement 2.0.2a on the plugin so that you can use it with the current unstable code at http://www.vanillaforums.org/download/nightly.

New config settings:
Garden.Authenticator.SyncScreen - TRUE by default, this setting allows you to disable the "Link Accounts" screen during new SSO user signup.

Garden.Authenticators.proxy.AuthField - This setting allows forum administrators to decide which remote field should be considered the UserKey when creating a new user via SSO. Defaults to 'UniqueID'.

The biggest change in this release and with 2.0.2 in general is the consolidation of authenticator configuration in a single menu item on the dashboard. Settings can be affected via the Users > Authentication submenu.

P.S. a new dashboard theme is coming and will improve the look and feel of this section.

binhdo

@Tim Sounds promising, but how exactly is this supposed to work? As soon as I choose an option from the Authenticator's select box, an ajax-loader appears and seems to be running forever, but there are no configurable options. When I just click 'activate', the corresponding Authenticator shows up as 'Current Authenticator', but this doesn't seem to make a difference regarding login or registration.

Tim

Are you running 2.0.2?

Tim

And if so, have you hard-refreshed?

binhdo

Just pulled from github, v2.02a. Anyway, just noticed that V2.02 has been released shortly before and as far as I can see, there has been another update to the add-on. I'll just do a quick re-install and check if it is working now.

Tim

I found the problem. I'll fix it momentarily. Sorry for the inconvenience!

binhdo

No trouble whatsoever...

Tim

ProxyConnect 1.6 + Vanilla 2.0.3

Works for me. How about you?

binhdo

Thanks for your quick response, @Tim! Works nearly perfect up to now (not to become too enthusiastic ;)

Will do some more testing...

binhdo

Just because I'm a tad curious:
I found the SyncScreen setting in config-defaults, but where is the AuthField setting?

Tim

It doesn't exist. When I query it, I provide a default value to use when the actual config is not found. I do the same with SyncScreen, and as such could probably remove it from config-defaults.

I'm not sure which way is 'better' from a clarity standpoint. What do you think?

eleith

-- redacting stated problems --

haven't figured it out fully, but the problems i stated seem to be related to other things...

binhdo

The SyncScreen setting is perfectly fine. There might be reasons to just create a wp-account that's not linked to vanilla.

But here's another concern:

Would be possible to remove the 'Edit my account' and 'Change password' menus when ProxyConnect is enabled and maybe display a link to wp's profile page instead? It might be confusing if users tried to change their credentials from within vanilla.

Tim

SyncScreen = FALSE doesn't disable linking, it disables link prompting. What actually happens is that when a user arrives at vanilla with a valid WP cookie, instead of asking them what username / email they want to create (as before), we go directly to creating an account for them using whatever we got back from Wordpress - username and email.

If the username / email is already in use, we fail silently and the user is not logged in.

eleith

@tim, i got 2.0.3 working with 1.6, i ran into some problems (most of them my fault)

1) git pull on vanilla master is only 2.0.1 right now, had to switch to branch unstable to get 2.0.3

2) my proxy auth page uses json instead of ini, any chance the following snippet can make it into the next update of ProxyConnect?

if(Gdn::Config('Garden.Authenticators.proxy.Encoding', 'ini') == 'json')
            $Result = @json_decode($Response, TRUE);
         else
            $Result = @parse_ini_string($Response);

3) i'm stilling getting pushed to the DefaultController regardless of original page requested, so i needed to change the following line and comment out the redirect

if ($AuthResponse == Gdn_Authenticator::AUTH_SUCCESS) {
            #Gdn::Request()->WithRoute('DefaultController');
            Gdn::Request();
         }

in the end it all works, thanks for the update!

Tim

@binhdo With regard to overriding links from Vanilla to WP

This is of course possible, as you know. The only hesitation I have is as follows:

Currently ProxyConnect for Wordpress (and by extension for any other external application) consists of only 2 parts. 1) the Vanilla-side ProxyConnect plugin which handles all of the authentication and user creation from Vanilla's perspective, and 2) the remote plugin, which allows Wordpress to output the correct information for Vanilla's backchannel socket connection when requested.

The Vanilla-side plugin is currently extremely generic and has no concern about what type of remote authenticator is being plugged into it. The Wordpress-side plugin is very Wordpress specific (as you would expect), but this is OK since it is being installed only in Wordpress and has just one very specific set of tasks.

In order to modify links on Vanilla's side, we have 2 options:

1) Require a 3rd plugin, on Vanilla-side, specific to Wordpress (or whatever application was being "SSO'd"). This plugin would take control of the specific links we wanted to override (Edit my Account, Change Password, etc) and forward them to WP. No configuration would be necessary, but installing ProxyConnect plugin would have an additional step and thus be more complicated.

2) Add additional generic fields in the ProxyConnect dashboard config area, containing links to the User Account and Change Password pages of the remote authenticator site (WP in this case). These fields would not be specific to Wordpress, but rather apply broadly to any foreign application being SSO'd and allow forum administrators to conditionally override these links. The down side is that the config form would get much larger and more complex, and we would lose the ability to customize Vanilla specifically for WP SSO.

I hope I've been able to explain this properly, let me know if anything is unclear. What are your opinions as the potential users of this software? Which way is better/easier/clearer?

binhdo

@Tim I clearly understand what you mean, but I was totally focused on the integration with WordPress. If I were to choose, I'd prefer the second option you mentioned in order to maintain an all-in-one look & feel. I guess it would need maybe three additional settings fields, so it should not become too complex.

Otherwise, where would I start if I wanted to change the way the user menus are displayed? Does it need to be an add-on or could this be achieved by creating a customised theme?

As I'm not really that PHP type of guy, I like the way you can modify or filter almost everything in WordPress via a 'functions.php' file in your theme folder. Does Vanilla offer a similar functionality?

binhdo

By the way, I noticed there have been more than 1600 downloads so far, so what about some other peoples opinions?

udaman

@binhdo I am one of them. The installation wiki isn't correct especially where it says the wrong table columns. I bet many of ppl downloaded tried to mention on this, but this problem isn't solved yet. These are the links to issue:
http://vanillaforums.org/discussion/12341/single-sign-on-proxyconnect-instructions-out-of-date-/#Item_2
http://vanillaforums.org/discussion/12318/proxyconnect-doesnt-redirect-to-login-page/#Item_8

Tim

@udaman I updated the instructions for you.
I also responded to your other question regarding the signinloopback issue. Please get back to me asap.