Replies: 10    Views: 54

LoveSports
Aspiring developer
Posts: 8
Reg: Apr 19, 2013
Joondalup
80
04/19/13 10:17 AM (12 years ago)

Single Sign On

Hi, I have my Joomla Website as well as a BuzzTouch app authenticating via OpenLDAP. It works fine for protecting screens in the app but what I really want is single sign on so that once I log in, I am authenticated and thus my identity is respected across other apps, particularly the website. Has anyone done this or anything like this? Cheers B
 
Niraj
buzztouch Evangelist
Posts: 2943
Reg: Jul 11, 2012
Cerritos
37,930
04/21/13 09:31 PM (12 years ago)
Tell me more ... How did you authenticate against LDAP Within the BuzzTouch app? Are you using webview only? Or are you using native views to authenticate against LDAP? How do you retain and pass the authentication from native screen-to-screen within your BuzzTouch app? This is a challenging and important topic! -- Niraj
 
LoveSports
Aspiring developer
Posts: 8
Reg: Apr 19, 2013
Joondalup
80
04/21/13 10:10 PM (12 years ago)
Hi Niraj, I wrote a PHP script (which I am happy to share when I get back from camping) that does a basic ldapbind using credentials captured via the login screen plugin, then structures and returns the required JSON data set in line with the Login plugin API. However, Buzztouch doesn't natively respect the authentication across different screens within the app, hence the reason for this question. Yes - enabling SSO will significantly add value. Where can I find out about the session mgt of Buzztouch?
 
Niraj
buzztouch Evangelist
Posts: 2943
Reg: Jul 11, 2012
Cerritos
37,930
04/21/13 11:39 PM (12 years ago)
Gosh -- I honestly think there is no session management in BuzzTouch iOS code. I simply don't know. However, I shall inquire. In the meanwhile, when you return from camping, let's you and I peruse through the BT code and search for keywords such as login, auth, cookie, token, SSO, Sign, LDAP, protect, encrypt, hide, etc. -- Niraj
 
David @ buzztouch
buzztouch Evangelist
Posts: 6866
Reg: Jan 01, 2010
Monterey, CA
78,840
05/04/13 12:03 AM (12 years ago)
Sorry for the delay on this reply. Missed the discussion! There is a user management concept that I use all the time. The idea...

1) When the app launches it creates a User Object (BT_user). This user object is basic with only a few properties. This object is accessed with

    [appDelegate.rootApp rootUser];

2) When the login plugin is used, this user's details are filled in with the results of the login request. userId, userDisplayName, userEmail are returned in the JSON after successfully logging in. These values are set in the root user object like...

    [appDelegate.rootApp.rootUser setUserId:@"1223"];
    [appDelegate.rootApp.rootUser setUserDisplayName:@"David Book"];
    [appDelegate.rootApp.rootUser setUserEmail:@"davidsemail"];

(naturally those values would come from the JSON result, not hard coded like that).

3) You can access the user's info anywhere in the app, at any time, easily by getting a reference to the app delegate, then....

    NSString *loggedInUserId = [appDelegate.rootApp.rootUser userId];
    // getter name matches the userDisplayName property set in step 2
    NSString *loggedInUserName = [appDelegate.rootApp.rootUser userDisplayName];
    NSString *loggedInUserEmail = [appDelegate.rootApp.rootUser userEmail];
    BOOL isLoggedIn = [appDelegate.rootApp.rootUser userIsLoggedIn];

Hope this helps...
 
Niraj
buzztouch Evangelist
Posts: 2943
Reg: Jul 11, 2012
Cerritos
37,930
05/04/13 08:12 AM (12 years ago)
That is excellent information -- Thanks, David! Several thoughts (before I forget during this morning's breakfast): 1. A background timer can be used to auto-logout the User after X-minutes of inactivity. Is there a BT timer technique that we should use? 2. In every screen's viewDidLoad method, will we have to insert a check on [appDelegate.rootApp.rootUser userIsLoggedIn] ? Thank you! -- Niraj
 
David @ buzztouch
buzztouch Evangelist
Posts: 6866
Reg: Jan 01, 2010
Monterey, CA
78,840
05/05/13 03:14 AM (12 years ago)
If you want to logout folks automagically you'll for sure need to figure out an approach. There is no automatic approach to this. As far as checking for whether a user is logged in or not, you have a few options.

1) You could "login protect" the screen so the menu or button item checks if they are logged in before showing the screen. See Login Required in the advanced properties of each screen.

OR

2) You could do like you mentioned in the viewDidLoad but not on every screen. That would suck! Because all the screens are sub-classes of the BT_viewController, you can do your checking in the BT_viewController class in one spot.
 
LoveSports
Aspiring developer
Posts: 8
Reg: Apr 19, 2013
Joondalup
80
06/20/13 12:31 AM (12 years ago)
Hi again and thanks David and Niraj. I've been off doing other things for a while but I'm now back onto this challenge. I may be missing something in the responses or possibly I have not outlined what I am trying to do very well ...

My question is a combination of Authorisation and Authentication. I have a Joomla website where I host multiple customers' information. As per normal websites, for a user to see their specific information they need to authenticate to Joomla, then they are authorised to see their information. I want that logic in my app so that I can expose pages of the Website with the user's specific information through Custom URL screens.

I have the Login working for authentication against the same OpenLDAP instance that Joomla authenticates to. However, the Custom URL screens that expose the user specific information of my website don't respect that I have logged in, which is expected because they have no session/token which would normally be established upon login (standard web stuff).

Could I call the Joomla login API from the BuzzTouch Login Plugin and establish/mimic a browser session, then pass the token back to Buzztouch so that my Custom URL screens can use the session info and thus users won't be challenged? How would I pass the session info, i.e. can the JSON string be changed? How would the Custom URL screens know how/where to find the token? Or, is this completely the wrong way to do this? Thanks B
 
David @ buzztouch
buzztouch Evangelist
Posts: 6866
Reg: Jan 01, 2010
Monterey, CA
78,840
06/21/13 01:09 AM (12 years ago)
Hi LoveSports: No such thing as the wrong way to do anything, just different approaches. I think I understand what you're doing...in a nutshell. I'll assume you're working with iOS here and not Android. Same idea, different terminology...

Browser, non-mobile:
-User logs into Joomla site. A session is created, it persists across all pages for the entire visit.
-User can access some things, and NOT access others, per your web app's rules. So far so good.

App Login using Login Plugin:
-User logs in. The Objective C flags the user object in the app as "logged in" when your backend script returns the appropriate JSON data.
-The user is "logged in" within the app, in Objective C, but NOT logged into your website. No http session was created on your Joomla backend that is tied to your mobile app.

So far so good, I think I understand this. So, there are a few ways to set this up and it all depends on the types of content you're protecting inside your app. In this case it sounds like you're using Custom URL screens that come from the Joomla site. Ok, makes sense. So, it's a matter of creating a session in Joomla FROM the UIWebView inside your app. The Custom URL plugin uses a UIWebView to show the web-based content. If you load content in your app in that UIWebView that requires a session, that session should persist to the "next" UIWebView you load in your app.

Example: Do two test Custom URLs in our app. Both pointing to Google. Be sure you're logged out of Google in your regular desktop browser. You're NOT logged in. Load the first Custom URL test to Google and login from within your app. This is using the UIWebView to show the Google page. Next, visit your menu with the two Google tests on it and load the "other" Google test. You should still be logged into Google. This shows us that the UIWebView in your app is honoring the HTTP request session across all instances of your screens in your app. This should work, it does on my end using several different tests.

So, if this is the case, we need to figure out a way to show the app-user a Joomla page that will persist the session so the next Joomla page will show, or not show, depending on their session state. I'm not sure of the best way to do this...hmm...maybe this....

1) Create a "landing page" in our Joomla installation that automagically logs in the user? You could pass the userId in the URL to this page to determine who to login.

2) Use the login plugin just like you are now but modify it slightly. When your results come back as "valid" - grab the userId from your results and append it to a URL...close the login screen and push a Custom URL screen using your cool URL with the userId at the end.

3) The "landing" page could show a "congrats" you're logged in message?

I can't think of a different way to do this using the login plugin. But, of course you could just make a super-simple HTTP Joomla based login screen and show them that in the app - right?

FYI: Objective C has no concept of "sessions" as we all understand them from the HTTP side of things. It's up to the app owner to create some sort of user-object, then set a property of that object as "logged in" or not. Your Buzztouch app has a BT_user object that serves exactly this purpose. This user object is loaded into memory when the app launches and you can change its "userIsLoggedIn" property anytime you want. To access this user anywhere in your app you can do...

    [your app's delegate name].rootApp.rootUser;

To get their id it's...

    NSString *tmpString = [your app's delegate name].rootApp.rootUser.userId;

Hope this helps...
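
Added example, not part of the original thread and not Buzztouch or Joomla code: the landing-page handoff from the post above, with the URL carrying a short-lived, single-use, HMAC-signed token instead of a userId on its own, so the landing page can check that the login script really authenticated that user. The function names, token layout and 60-second lifetime are assumptions; creating the Joomla session after verification is left to the site.

```php
<?php
// Added example, not Buzztouch or Joomla code; all names are hypothetical.
// The login script that does the LDAP bind issues the token; the Joomla
// landing page verifies it before starting a session for that user.
const HANDOFF_TTL = 60; // seconds a token stays valid (assumed value)

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Login script side: call only after the LDAP bind succeeded.
function issue_handoff_token(string $userId, string $key, int $now): string {
    $payload = b64url(json_encode([
        'uid' => $userId,
        'exp' => $now + HANDOFF_TTL,
        'jti' => bin2hex(random_bytes(16)), // one-time identifier
    ]));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, $key, true));
}

// Landing page side: returns the user id, or null when the token is forged,
// expired or already used. $seen stands in for a store shared by all requests.
function verify_handoff_token(string $token, string $key, int $now, array &$seen): ?string {
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, $key, true));
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return null;
    }
    $claims = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($claims) || !isset($claims['uid'], $claims['exp'], $claims['jti'])) {
        return null;
    }
    if ($claims['exp'] < $now || isset($seen[$claims['jti']])) {
        return null;
    }
    $seen[$claims['jti']] = true; // a second presentation is a replay
    return (string) $claims['uid'];
}

// Constructed demo values; a real key is a fixed secret kept in server config.
$key  = random_bytes(32);
$seen = [];
$tok  = issue_handoff_token('1223', $key, time());
var_dump(verify_handoff_token($tok, $key, time(), $seen));       // first use
var_dump(verify_handoff_token($tok, $key, time(), $seen));       // same token again
var_dump(verify_handoff_token($tok . 'x', $key, time(), $seen)); // altered signature
```

The token still travels in a URL, so serve the landing page over HTTPS only; the short lifetime and single use limit what a copy from a log or browser history is worth.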
 
LoveSports
Aspiring developer
Posts: 8
Reg: Apr 19, 2013
Joondalup
80
06/21/13 01:49 AM (12 years ago)
Hi David, Thanks, yes this helps a lot. We could create a new Login Plugin using UIWebView that really just exposes a Joomla Login screen. Then, when the user logs in the session will be established and subsequent Custom URL screens called will honor the session. Cheers - I will report back ...
 
David @ buzztouch
buzztouch Evangelist
Posts: 6866
Reg: Jan 01, 2010
Monterey, CA
78,840
06/21/13 02:09 AM (12 years ago)
Exactly! There are different reasons to use different approaches. In your case this makes the most sense. Re-post if you run into any snags.
 
