April 13, 2009
Question

Access link parameters

If I'm compelled to visit the forum site, I use a link:

http://forums.adobe.com/index.jspa?showpersonalized=true

Is there any way to add login data to this (or any other) link to cut down the time it takes actually to get into the forum? Like, for example,

http://forums.adobe.com/index.jspa?showpersonalized=true&un="Ildhund"&pw="password"

If not, could it be made possible?

Noel

    April 13, 2009

    Ildhund wrote on 2009-04-13 18:37 :

    http://forums.adobe.com/index.jspa?showpersonalized=true&un="Ildhund"&pw="password"

    Quite unlikely. These forums are not hosted by Adobe, but by Jive. If you were to log in in such a way that would mean that Jive would be responsible for forwarding your credentials to Adobe. That is a huge security risk, Jive should never have access to your account credentials.

    If not, could it be made possible?

    Better forwarding between these forums and the Adobe SSO environment is very well possible, but it will probably take some programming on both the Jive and the Adobe end, so it won't be a quick fix.

    Jochem

    --

    Jochem van Dieten

    http://jochem.vandieten.net/

    Ildhund (Author)
    April 13, 2009

    What about if my access link were something like

    https://www.adobe.com/cfusion/entitlement/index.cfm?e=ca&returnurl=http://forums.adobe.com/login.jspa&loc=en&un="Ildhund"&pw="password"

    Wouldn't that satisfy the security requirements and return me, logged in, to the forums?

    Noel

    April 13, 2009

    Ildhund wrote on 2009-04-13 20:03 :

    What about if my access link were something like

    https://www.adobe.com/cfusion/entitlement/index.cfm?e=ca&returnurl=http://forums.adobe.com/login.jspa&loc=en&un="Ildhund"&pw="password"

    And who is going to email that link to you? Jive?

    The standard way Single Sign On (SSO) works is that you try to access these forums unauthenticated, for instance at the URL:

    http://forums.adobe.com/message/1889024#1889024

    Then the forums see that you are not logged in and forward you to the Adobe SSO server. The URL the forums use for that looks something like:

    http://adobe.com/?returnURL=http://forums.adobe.com/message/1889024#1889024

    You then log in to the Adobe SSO server if you are not already logged in. The Adobe SSO server redirects you back to the returnURL with a token appended to the URL:

    http://forums.adobe.com/message/1889024#1889024?token=xxxxxxxxx

    If you are already logged in the Adobe SSO server will immediately redirect you there.

    When the forum sees the new request it will check if you are logged in. You aren't, but there is a token appended to your URL. The forums take that token and call a private authentication service on the Adobe SSO server to verify the token. The Adobe SSO server checks that the token from the forums server is the same as the token it just sent to you. If it is, it gives you an OK.

    So what have we accomplished now:

    1. The Adobe SSO server has confirmed to these forums that you are really "Ildhund".

    2. The forums, which are under the control of an external company, have at no point had access to your Adobe ID and can not access your license keys in the Adobe store.

    This is the simplified version of the theoretical blueprint of how SSO is supposed to work. For a step by step explanation of the best known SSO mechanism see http://web.mit.edu/Kerberos/dialogue.html

    Now these forums work completely differently and I share your pain (I get logged out all the time as well). But I don't think we should compromise the security of these forums to the extent you are suggesting to improve the automatic logon experience. We should instead ask Adobe to better align their implementation with this reference model and fix the issues with disappearing cookies and sessions getting out of sync between servers.

    Jochem

    --

    Jochem van Dieten

    http://jochem.vandieten.net/
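
The redirect, token and back-channel verification steps described in the last reply, as an added Python example that is not part of the original thread and not Adobe's or Jive's code. `SSOServer`, `Forum`, the `sso.example` and `forums.example` hosts and the account data are hypothetical; the token expiry, single-use rule and return-host check are common hardening assumptions beyond what the reply spells out.

```python
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

SSO_LOGIN_URL = "https://sso.example/login"  # hypothetical SSO endpoint


class SSOServer:
    """Hypothetical identity provider: the only party that sees the password."""

    def __init__(self, accounts, return_hosts, ttl=60):
        self._accounts = accounts          # constructed demo store; real ones keep salted hashes
        self._return_hosts = return_hosts  # hosts allowed to receive tokens
        self._ttl = ttl
        self._tokens = {}                  # token -> (user, return_url, expiry)

    def login(self, user, password, return_url, now=None):
        """Front channel: check credentials, redirect back with a fresh token."""
        now = time.time() if now is None else now
        if urlsplit(return_url).hostname not in self._return_hosts:
            raise ValueError("return URL is not a registered relying party")
        stored = self._accounts.get(user, "")
        if not stored or not secrets.compare_digest(stored.encode(), password.encode()):
            raise PermissionError("bad credentials")
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (user, return_url, now + self._ttl)
        return return_url + "?" + urlencode({"token": token})

    def verify(self, token, return_url, now=None):
        """Back channel, called by the forum only: tokens are single use."""
        now = time.time() if now is None else now
        user, issued_for, expiry = self._tokens.pop(token, (None, None, 0))
        if user is None or now > expiry or issued_for != return_url:
            return None
        return user


class Forum:
    """Hypothetical relying party: never handles the password."""

    def __init__(self, sso):
        self._sso = sso

    def handle(self, url):
        parts = urlsplit(url)
        token = parse_qs(parts.query).get("token", [None])[0]
        if token is None:  # unauthenticated: send the browser to the SSO server
            return "redirect", SSO_LOGIN_URL + "?" + urlencode({"returnURL": url})
        page = f"{parts.scheme}://{parts.netloc}{parts.path}"
        user = self._sso.verify(token, page)
        return ("ok", user) if user else ("denied", None)
```

The URL that comes back from `login` carries only the opaque token, so a bookmarked or leaked copy of it is useless once the forum has redeemed it or the expiry has passed.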