Access link parameters

Engaged, Apr 13, 2009

If I'm compelled to visit the forum site, I use a link:

http://forums.adobe.com/index.jspa?showpersonalized=true

Is there any way to add login data to this (or any other) link to cut down the time it takes actually to get into the forum? Like, for example,

http://forums.adobe.com/index.jspa?showpersonalized=true&un="Ildhund"&pw="password"

If not, could it be made possible?

Noel

Advocate, Apr 13, 2009

Ildhund wrote on 2009-04-13 18:37 :

> http://forums.adobe.com/index.jspa?showpersonalized=true&un="Ildhund"&pw="password"

Quite unlikely. These forums are not hosted by Adobe, but by Jive. If you were to log in in such a way that would mean that Jive would be responsible for forwarding your credentials to Adobe. That is a huge security risk, Jive should never have access to your account credentials.

> If not, could it be made possible?

Better forwarding between these forums and the Adobe SSO environment is very well possible, but it will probably take some programming on both the Jive and the Adobe end, so it won't be a quick fix.

Jochem

--

Jochem van Dieten

http://jochem.vandieten.net/

Engaged, Apr 13, 2009

> If you were to log in in such a way that would mean that Jive would be responsible for forwarding your credentials to Adobe. That is a huge security risk, Jive should never have access to your account credentials.

Thanks, Jochem. Makes sense, I suppose, but I can't really see what 'huge security risk' is involved. Perhaps you could explain. I don't really understand all these 'security' implications, but I do understand that posting an email address en clair invites spam.

Advocate, Apr 13, 2009

It was possible to be permanently logged in on the old forums, which were not hosted by Adobe - do you mean the risk is because of the link between an Adobe ID, linked to software purchases etc., and the forums? I've never been convinced that was a good idea anyway.

Engaged, Apr 13, 2009

What about if my access link were something like

https://www.adobe.com/cfusion/entitlement/index.cfm?e=ca&returnurl=http://forums.adobe.com/login.jspa&loc=en&un="Ildhund"&pw="password"

Wouldn't that satisfy the security requirements and return me, logged in, to the forums?

Noel

Advocate, Apr 13, 2009

Ildhund wrote on 2009-04-13 20:03 :

> What about if my access link were something like
>
> https://www.adobe.com/cfusion/entitlement/index.cfm?e=ca&returnurl=http://forums.adobe.com/login.jspa&loc=en&un="Ildhund"&pw="password"

And who is going to email that link to you? Jive?

The standard way Single Sign On (SSO) works is that you try to access these forums unauthenticated, for instance at the URL:

http://forums.adobe.com/message/1889024#1889024

Then the forums see that you are not logged in and forward you to the Adobe SSO server. The URL the forums use for that looks something like:

http://adobe.com/?returnURL=http://forums.adobe.com/message/1889024#1889024

You then log in to the Adobe SSO server if you are not already logged in. The Adobe SSO server redirects you back to the returnURL with a token appended to the URL:

http://forums.adobe.com/message/1889024#1889024?token=xxxxxxxxx

If you are already logged in the Adobe SSO server will immediately redirect you there.

When the forum sees the new request it will check if you are logged in. You aren't, but there is a token appended to your URL. The forums take that token and call a private authentication service on the Adobe SSO server to verify the token. The Adobe SSO server checks that the token from the forums server is the same as the token it just sent to you. If it is, it gives you an OK.

So what have we accomplished now:

1. The Adobe SSO server has confirmed to these forums that you are really "Ildhund".

2. The forums, which are under the control of an external company, have at no point had access to your Adobe ID and cannot access your license keys in the Adobe store.

This is the simplified version of the theoretical blueprint of how SSO is supposed to work. For a step by step explanation of the best known SSO mechanism see http://web.mit.edu/Kerberos/dialogue.html

Now these forums work completely differently and I share your pain (I get logged out all the time as well). But I don't think we should compromise the security of these forums to the extent you are suggesting to improve the automatic logon experience. We should instead ask Adobe to better align their implementation with this reference model and fix the issues with disappearing cookies and sessions getting out of sync between servers.

Jochem

--

Jochem van Dieten

http://jochem.vandieten.net/
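
The redirect-and-token exchange described in the post above, as an added Python simulation that is not part of the original post and is not Adobe's or Jive's code. The host names `forums.example` and `sso.example`, the class names and the password are constructed; `returnURL` and `token` are the parameter names used in the post, and the allow-list on `returnURL` hosts and the single-use token rule are assumptions added here.

```python
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

class SSOServer:
    """Identity provider: the only party that ever sees the password."""
    def __init__(self, users, allowed_hosts):
        self._users = users            # username -> password (constructed data)
        self._allowed = allowed_hosts  # hosts a returnURL may point at (assumption)
        self._pending = {}             # token -> (username, return_url)

    def login(self, username, password, return_url):
        parts = urlsplit(return_url)
        if parts.hostname not in self._allowed:
            raise ValueError("returnURL host not allowed")
        expected = self._users.get(username)
        if expected is None or not secrets.compare_digest(expected.encode(), password.encode()):
            raise PermissionError("bad credentials")
        token = secrets.token_urlsafe(16)
        self._pending[token] = (username, return_url)
        query = urlencode(parse_qsl(parts.query) + [("token", token)])
        return urlunsplit(parts._replace(query=query))  # where the browser is sent back

    def verify(self, token, return_url):
        """Back-channel call from the forum; each token is accepted once."""
        username, issued_for = self._pending.pop(token, (None, None))
        return username if issued_for == return_url else None

class Forum:
    """Relying party run by a third party; it stores and sees no passwords."""
    def __init__(self, sso, sso_login_url):
        self._sso, self._sso_login_url = sso, sso_login_url

    def handle(self, url):
        parts = urlsplit(url)
        params = dict(parse_qsl(parts.query))
        token = params.pop("token", None)
        clean = urlunsplit(parts._replace(query=urlencode(params)))
        if token is None:  # not logged in: send the browser to the SSO server
            return ("redirect", self._sso_login_url + "?" + urlencode({"returnURL": clean}))
        user = self._sso.verify(token, clean)
        return ("ok", user) if user else ("denied", None)

def demo():
    sso = SSOServer({"Ildhund": "constructed-password"}, {"forums.example"})
    forum = Forum(sso, "https://sso.example/login")
    page = "http://forums.example/message/1889024"
    first = forum.handle(page)        # no token yet -> redirect to the SSO server
    back = sso.login("Ildhund", "constructed-password", page)  # happens at the SSO
    return first, forum.handle(back), forum.handle(back)  # ok, then replay denied
```

The `Forum` object only ever handles the URL and the token; the password is passed to `SSOServer.login` alone, which is the separation the post argues for.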

Engaged, Apr 13, 2009

Thanks a lot for the lecture, Jochem. I can see that it's a bit more complicated than it appears. Nonetheless, I clicked the link as it appeared in your post and got delivered to my personalized forums home page.

I still don't see what 'security' is involved with access to public web forums.

The Kerberos story was entertaining. Like George Gamov explaining quantum physics.

Noel
