solved SSO Jamroom integration with Ghost

I have an active Ghost site which is essentially a blogging platform with comments.

I also have a live (but dormant) Jamrom site with about nine years worth of Forum postings. It’s there for archive and SEO purposes.

I am looking to revive the Forums component of the Jamroom site and am looking for a bi-directional SSO solution.

Is OneAll appropriate for this use or are there other recommendations people have?

TIA,
Clay
updated by @claygordon: 10/04/23 07:34:25AM

Hi Clay - good to hear from you!

Unfortunately OneAll doesn't support Ghost. Does Ghost provide any type of API or SSO capabilities from their site? We can always check it out.

Let me know if that helps.


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net

I looked over the Ghost API docs and I'm not seeing anything for SSO. Here's a forum post about it:

https://forum.ghost.org/t/third-party-single-sign-on-sso/3321

Looks like it's been in the works for a while, but no updates.


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net

There is also now this:

https://www.passportjs.org/packages/passport-ghost/

Brian:

It has been a while.

SSO is a sore topic on the Ghost side, to be sure. There have been some SSO progress but nothing official. My sense is, according to people in the know, that it is doable using a custom adapter in Ghost and a service that sits between Ghost and the other site. I was thinking of asking my developer to use the OneAll API and Passport to build something for Ghost.

This is made for NodeJS - there's probably a way it could be setup as "middleware" somehow as long as it could route the user with authentication info over to JR. If we can get the user redirected over to JR, we can set the auto-login cookie then redirect them back to where they came from.


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net

Brian:

I know it’s for node.js – which makes sense given the Ghost stack. My developer has no problem setting up a simple middleware server dedicated to handling these requests.

I have been assuming the user is coming from Ghost and the first time through thus not have a user account. If they are authenticated on the Ghost side we have both unique (email) and non-unique (username) IDs and a gravatar or avatar.

Ghost does not use passwords but IIRC Jamroom can autogenerate them and maybe email them? (It has been a while.)

It would be nice to also set up a Ghost account if someone signs up for Jamroom without a Ghost account.

Small steps.

Yeah that sounds doable - if the user signs up/logs in, redirect to the JR site - we can create a password (and email) and auto login. Then redirect back to wherever you want (ideally a base64 encoded URL is passed in the redirect). I would recommend just disabling sign ups on the JR side - if someone clicks on signup, redirect to the Ghost signup. Makes things simpler.


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net

Gotcha. I will present this to my developer and if there’s a need for some custom coding on your side we can have that discussion when I get there.

Brian –

As an aside when it comes to disabling signups (I haven’t looked at the code base much since 2017):

I want for visitors to see everything in the archive but disable uploading new photos in the galleries, new videos, not create new blog posts, and the like. I know I can remove nav items like Events and Group from the header template which means visitors can’t navigate to them ... I am assuming that if there is an external link from Google or elsewhere removing the nav element will not prevent that page from displaying.

You can turn off signups by unchecking in the ACP -> Users -> Users -> Global Config -> "User Signups".

For the second it sounds like you just kind of want everything to be "read only" - does that sound right? Or do you want them to not be visible at all?


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net

Brian:

I want the section labeled as Forums (with the classifieds section) to be updatable - that’s the point of the exercise. However, I want to be able to set the other sections as read-only..

OK so for the Forum module you just wouldn't need to do anything - that would already work. Let me think about if there would be an easy way to set the other modules read only.


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net

Brian -

1) I am wondering, how much of making everything read-only can be done using Quotas? There are many different profile quotas at the moment. I can simplify them all down to one that restricts uploads and postings for historical members. I believe I can do this for image uploading for example.

This would let me keep one or two quotas with posting/uploading permissions for some privileged users.

2) I am also wondering about an email import feature I thought I saw in the Marketplace. (Used with the User Link module?)

I would like to export all of the active email accounts from Ghost and import them into Jamroom ... if the import feature has dedupe capability. There is going to be some overlap between the two collections. I can see a related issue when it comes to quotas unless there is a way to specify a target quota. I could do the import in tranches targeted at specific quotas.

Yep - that should work - or is at least worth a try.

And yes - you can import users no problem from a list:

https://www.jamroom.net/the-jamroom-network/networkmarket/606/user-import

Let me know if that helps.


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net

Brian – I am slowly refamiliarizing myself with Global and Quota config options.

Say, for the Image Galleries module I deselect “Allowed on Profile." This would allow members of the quota to SEE galleries already published by clicking on the Images button in the top nav but would not allow them to upload.

There is also a media upload module so I could turn off uploading, but I want people to upload images into Forums posts.

Also – the view documentation link on the User Import module page https://www.jamroom.net/the-jamroom-network/networkmarket/606/user-import page returns a 404 for me.

https://www.jamroom.net/the-jamroom-network/documentation/modules/5077/user-import < 404 URL

Sorry for the late follow up here. Unfortunately no - the "allowed on profile" basically turns that module on/off for profiles in that quota - any existing galleries would be unviewable. What's really needed here is just a way to prevent NEW items from being created - to do that, go to the Galleries page for a profile - i.e. the main profile gallery page for that profile (not an individual gallery) - and you'll see the "+" button for creating a NEW gallery. Click the "configure these buttons..." button (see my screenshot), and modify it so it can only be used by master admins.

That will prevent new ones from being created but still allow the existing ones to be viewed. This works the same for all module indexes on a profile.

Let me know if that helps.


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net