Thu 25 Jun 2009
[Demo] J!Mint SSO
Written by Anh Nguyen
This is my first blog for GSoC 2009. It's kinda a bit late compared to the other 17 students. :) I had a school event that I needed to attend at the end of May, so I could only start on June 3rd.
First of all, I have to say this integration project is really challenging. Since integration between two systems using cURL is something obvious and has already been done by folks, I'd like to take J!Mint a step further. Luckily I have some experience with Magento, so that didn't hold me back much. However, coming up with a solution for SSO took me quite a while of learning and trying out new stuff.
Features :
- Cross-domain SSO, which means that we still have two separate systems running, a Joomla site and a Magento site.
- Once the user logs in to the Joomla site, he'll have access to Magento as well. <-- which means that if the logged-in user opens another tab and browses the Magento site, he must still be logged in automatically.
- After the user has logged in on the Joomla site, he can go to the Magento site to shop as usual!
- This SSO solution is not about displaying Magento logged-in content on Joomla site using cURL yet.
Difficulties :
- This cannot be done only using cURL like I thought before in May.
- Needed to make use of iFrames. Cross-domain issue solved.
- Security issues raised when redirecting the login info to the Magento login form.
Work :
- I've done extensive searching and learning on cURL, and Ajax cross-domain communication using Flash / iFrame / Proxy / Hacks / On-demand Javascript. After trying out different techniques, and considering the pros & cons, I came up with a "no-hack" solution using iFrame & a simple proxy on the Magento site.
- I'm working hard on it and hopefully can release the Beta version of SSO plugin by July 1.
- The integrated backend template of Magento into that of Joomla should come along soon, as planned by July 15.
Below is the table specifying which types of users are supported by this SSO plugin.
Rights to SSO to:

| # | User Type | Joomla Front-end | Joomla Back-end | Magento Front-end | Magento Back-end |
|---|-----------------|-----|-----|-----|-----|
| 1 | Customer | - | - | Yes | - |
| 2 | Front-end Staff | Yes | - | - | Yes |
| 3 | Back-end Staff | Yes | Yes | - | Yes |
The following flowchart shows how the login mechanism takes place for the user type of Customer. The login process for other user-types should follow the same process with slight modifications.

I basically use two iframes on the Joomla site:
1. One iFrame used to post credentials to the Magento login form. (3) & (4)
2. The second iFrame (5) & (6) is used to verify whether the login process has been successful. The trick is that this iframe opens the proxy on Magento, and this proxy checks whether the current user is logged in by simply trying to open a fixed link on Magento that is supposed to be accessible to logged-in users only. If the user is logged in, the proxy redirects itself to a page on Joomla, informing Joomla of the user's status. Since the proxy has been redirected back to a page on the Joomla site, the iframe is accessible by Joomla, and it doesn't violate the cross-domain rule. No hacks whatsoever. If the proxy is not redirected back to the Joomla site, this iFrame is not accessible by Joomla --> indicating this user is not logged in.
Demo :
Joomla site: http://www.hateit.net/login/
Magento site: http://www.iamtotti.com/server/shop/
The demo login is provided on the Joomla site.
Compatibility :
- Tested on FF 3, IE 7 (protected-mode-Off), Opera 9.2, Chrome 2, and Safari 4.
Release :
- This is not even an alpha version yet, just a quick and dirty module on Joomla to test. I'm working on making it an Ajax plugin.
Looking forward to hearing comments from you :)
Anh
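
The verification step described for the second iframe, sketched from the Joomla page's side as an added example (not J!Mint's code). The origin `https://joomla.example`, the path `/sso/status` and all function names are assumptions, and the frame objects are constructed stand-ins so the logic runs outside a browser.

```javascript
// Added illustration; the origin and path are hypothetical, not J!Mint values.
const JOOMLA_ORIGIN = "https://joomla.example";
const STATUS_PATH = "/sso/status"; // Joomla page the Magento proxy redirects to

// Classify the verification iframe as "logged-in", "not-logged-in" or "pending".
function probeSsoFrame(frame) {
  let href;
  try {
    // Reading the location of a frame that still holds a Magento-origin
    // document throws (SecurityError): the same-origin policy blocks it.
    href = frame.contentWindow.location.href;
  } catch (err) {
    return "not-logged-in";
  }
  // A frame that has not navigated yet is about:blank and IS readable,
  // so "readable" alone must not be taken as proof of login.
  if (!href || href === "about:blank") return "pending";
  const url = new URL(href);
  // Only the exact Joomla status page counts as the proxy's redirect target.
  if (url.origin === JOOMLA_ORIGIN && url.pathname === STATUS_PATH) {
    return "logged-in";
  }
  return "not-logged-in";
}

// Constructed stand-ins for iframe elements so the logic runs outside a browser.
function readableFrame(href) {
  return { contentWindow: { location: { href } } };
}
function crossOriginFrame() {
  const location = {
    get href() {
      const err = new Error("cross-origin frame access blocked");
      err.name = "SecurityError";
      throw err;
    },
  };
  return { contentWindow: { location } };
}

function demo() {
  return [
    readableFrame("https://joomla.example/sso/status"), // proxy redirected back
    crossOriginFrame(),                                  // still on Magento
    readableFrame("about:blank"),                        // not loaded yet
    readableFrame("https://joomla.example/other"),       // wrong Joomla page
  ].map(probeSsoFrame);
}
```

A result computed in the browser like this is a display hint only; access decisions stay with each site's server-side session.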

2009-06-25 13:08:47
I will check it out once it's online.
Keep on doing a great job!
2009-06-25 13:58:00
There is an "error" when logging in:
Error @ start_login: email is null
2009-06-25 16:29:16
1.
We build different payment plugins for Virtuemart and know that many payment systems don't accept a payment via an iframe. iDEAL, the #1 Dutch online payment system, is one of them. So if you use iframes you risk that users can use your solution as they can't use their payment methods.
2.
iFrames and Google don't go well!
Yes, and MageBridge is coming, but a little competition isn't a bad thing
2009-06-25 20:27:45
#Hans, #David:
Thank you guys for your comments.
Actually I'd done a quick search b4 even starting this project..and I knew there was a good competitor MageBridge coming too
I don't think MageBridge using cURL can do TRUE cross-domain SSO. Probably it just grabs the Magento content and displays on Joomla.. Please check their demo. It's still Single-domain SSO.
Thanks a lot for your suggestions. Every solution has its drawbacks
2009-06-25 23:04:11
- Payment and Shopping takes place on the Magento site as usual.
- Yes..but there is no content or anything to show in the iFrames.
2009-06-25 23:15:31
#Hans, #David:
Thank you guys for your comments & suggestions. Actually I did know MageBridge even b4 starting this project.
MageBridge and jFusion use cURL to do the SSO, so, in my opinion, they cannot do True Cross-domain SSO. And this is the difference between J!Mint and them.
What MageBridge does with cURL is just display the Magento content on the Joomla site. I'm not very sure about opening the Magento site in another tab.. and the user's still logged-in.
J!Mint allows people to just login to Joomla site and open another tab --> shop on Magento as usual..
2009-06-26 10:41:33
2009-06-26 16:40:51
So we keep a watch on each other's project
You mentioned "Single-Domain SSO", which is I think an expensive way of saying "login". Anyway, claiming to offer SSO (JMint, MageBridge, JFusion) needs to accomplish this with IFrames or redirects. There is no other way. Unfortunately for you, there's even a lot of competition when talking about SSO, as both JFusion and our own MageBridge ship with it.
Regards,
Jisse
2009-06-27 21:51:32
Thanks a lot for sharing what MageBridge uses to do SSO.
I look forward to trying out the MageBridge demo on cross-domain SSO soon.
Best,
Anh
2009-06-28 03:05:06
2009-06-29 06:52:20
2009-08-12 13:14:17
Sounds promising, will look forward to it.
2010-01-25 15:18:26