I have a Joomla site and a Flash app (in Flex, if it matters). The Flash app is using BlazeDS as back-end. All the things are hosted in the same server, same domain.
Are there anyway to implement SSO for the above environment?
Update:
What I want is: If the user logged in at Joomla, they will be auto logged in at the Flash app. Same vice versa.
You'll need to create a component to handle the login.
The actual login code is very simple. Here is an example from a component we developed for Joomla1.5.
/**
* Log into Joomla
* @return Bool Login Status
* @param $username String
* @param $password String
*/
function login($username, $password, $remember = false) {
if ($username && $password) {
$mainframe =& JFactory::getApplication();
return $mainframe->login(
array('username'=>$username, 'password'=>$password),
array('remember'=> $remember, 'silent'=>true)
);
}
return false;
}
If you don't want to create a full component, then you can use the PHP Component from this page: http://www.fijiwebdesign.com/products/joomla-php-pages.html
Which ever you use, the important thing is how to generate the URL to log into Joomla. It will look like:
example.com/index.php?option={com_component}&template=component&no_html=1
where {com_component} is the name of your component.
In the case of using Joomla PHP Component it would look like:
example.com/index.php?option=com_php&Itemid={itemid}&template=component&no_html=1
Where Itemid is the menu Itemid of the page you create for your PHP component. It is generated after you create a Menu Item for the PHP component for your PHP page.
The &template=component&no_html=1 makes sure only the component HTML is loaded, and no_html means that it will not load any HTML declaration.
Thus you can have some code that for instance returns a JSON or XML response, that your Flex App can consume via a URLLoader or similar request. Or simply just the the string TRUE, or FALSE.
Update:
Ooops, sorry that's not want I want. I want if the user logged in at Joomla, they will be auto logged in at the Flash app. Same vice versa.
I'm assuming you want to keep your user account in the Joomla database but you'll have to be specific if you plan to store user data somewhere else.
Here is how to check if a user is already logged in on Joomla:
$User =& JFactory::getUser();
if (!$User->guest) {
// user is logged in
} else {
// user is not logged in
}
Here is how to get the users session ID:
$Session =& JFactory::getSession();
$sessid = $Session->getId();
To get the Session name:
session_name();
Example of sending user and session data from Joomla to Flash:
$User =& JFactory::getUser();
$Session =& JFactory::getSession();
// for example use JSON which Flex undertands
echo json_encode((object) array('user'=>$User, 'session'=>$Session, 'name'=>session_name ());
How you implement the retrieval of User and Session data is up to you. You could have Flash send HTTP requests to Joomla, or you could use flash vars, or ExternalInterface (http://livedocs.adobe.com/flash/9.0/ActionScriptLangRefV3/flash/external/ExternalInterface.html).
The more important part is passing your session name and ID between Flex and the Browser. You need the session name so that you can set the session cookie in the browser. The cookie should be named the same as the session name, and it's value should be the session ID.
You can use ExternalInterface to set the cookie with Browser JavaScript.
Once the cookie is set, both Flex and the Browser are sharing the same user session and will show the user logged in.
You can also do the same thing between BlazeDS and Joomla and then have Flash talk to BlazeDS to get the session information.
At the other end, if a user logs in via Joomla, you then pass that session to Flash using flashvars when you embed the flash, or use ExternalInterface.
Hi!
I got to do what you are willing to creeping plugin j-amfphp. However, I had to change the core of the plugin, so that the flex does not create a new session and was using that was already created by joomla.
For the plugin to identify which part of the joomla was being logged (Site or Administrator), changed the file: /joomlaapp/amfphp/includes/application.php
replace:
parent::__construct
by
jimport('joomla.utilities.utility');
if( $_COOKIE["j-amfphp_admin"] == true ) { //set the view name $this->_name = "administrator"; } else { //set the view name $this->_name = "site"; } $this->_clientId = $config['clientId'];
//Enable sessions by default if(!isset($config['session'])) { $config['session'] = true; }
//Set the session default name if(!isset($config['session_name'])) { $config['session_name'] = $this->_name; }
//Set the default configuration file if(!isset($config['config_file'])) { $config['config_file'] = 'configuration.php'; }
//create the configuration object $this->_createConfiguration(JPATH_CONFIGURATION.DS.$config['config_file']);
//create the session if a session name is passed if($config['session'] !== false) { $this->_createSession(JUtility::getHash($config['session_name'])); }
$this->set( 'requestTime', gmdate('Y-m-d H:i') );
This new code is exactly what the parent class constructor executes, the only difference is that a cookie I check to see if the flex is running the session administrator or the site ... obviously if the administrator I create the cookie before.
If this change is not made, the flex will create a new session for the user, forcing him to log in again, when I change $this->_name I push the flex using a session that already existed.
Thanks a lot Wladiston!!!!!
It works very well, a can't believe it!!! :-))