[Product-Developers] Re: Single sign on across heterogeneous systems
optilude at gmx.net
Tue Jul 1 07:34:24 UTC 2008
> you don't state how much influence you have over the 'shop' application, but
> you mention having the site make an HTTP call to Plone so i'm going to assume
> that it's possible to do some custom coding on that side.
It is. I'm not writing it, but I can ask someone else to do some coding.
It's not written in Python, though.
> in the OpenPlans stack, which actually consists of several HTTP services all
> acting as a single 'site', we accomplish something like this by having all of
> our apps honor Plone's authentication cookie.
Will this not only work if all the apps are on the same domain? The shop
is hosted on a completely separate infrastructure and will be DNS'd into
> we have a custom PAS cookie
> auth plug-in which creates an auth cookie as a hash of the username and a
> secret key. all of the apps have a copy of the secret, so they can verify
> that the cookie is to be trusted. since your apps are going to be on the same
> domain, you can use a domain wildcard cookie and the remote hosted application
> will get it.
I see. Any documentation on how those work?
> if you want session timeouts, you could integrate a time component into the
> hash key generation, something that each side knows to change every 2 hours or
> so. you can do whatever you want, as long as both apps have all the
> information needed to generate the hash key.
> of course, you still have the matter of getting the shop app to redirect to
> the Plone login page when it needs to present a challenge.
That's ok, I think. They'll just code it that way, and Plone will
redirect back using a came_from URL parameter.
> as for sharing more detailed member info, HTTP calls back to Plone is probably
> the way to go. or else use a custom PAS properties plug-in and store the info
> somewhere else, where the other app might have more direct access.
Author of `Professional Plone Development`, a book for developers who
want to work with Plone. See http://martinaspeli.net/plone-book
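
The shared-secret cookie scheme discussed in this thread, sketched as an added example (not part of the original message and not OpenPlans' or Plone's code). Assumptions: HMAC-SHA256 is used as the keyed hash, the cookie format `hexuser!mac` and the function names are hypothetical, and the secret and timestamp are constructed sample values.

```python
import hashlib
import hmac

WINDOW_SECONDS = 2 * 60 * 60  # "every 2 hours or so", as suggested in the thread


def _mac(secret: bytes, username: str, window: int) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the "hash of the username and a
    # secret key"; the window number is the time component both sides derive.
    msg = f"{window}:{username}".encode("utf-8")
    return hmac.new(secret, msg, hashlib.sha256).hexdigest().encode("ascii")


def issue_cookie(secret: bytes, username: str, now: float) -> str:
    """Login side: build the cookie value (hypothetical format hexuser!mac)."""
    window = int(now) // WINDOW_SECONDS
    return username.encode("utf-8").hex() + "!" + _mac(secret, username, window).decode()


def verify_cookie(secret: bytes, cookie: str, now: float, grace_windows: int = 1):
    """Other app: return the username if the cookie checks out, else None."""
    try:
        user_hex, mac = cookie.split("!", 1)
        username = bytes.fromhex(user_hex).decode("utf-8")
        presented = mac.encode("utf-8")
    except ValueError:  # malformed value, bad hex, or undecodable text
        return None
    current = int(now) // WINDOW_SECONDS
    # Accept the current window plus a few earlier ones, so a cookie issued
    # just before a rotation does not expire seconds later.
    for window in range(current, current - grace_windows - 1, -1):
        if hmac.compare_digest(_mac(secret, username, window), presented):
            return username
    return None


if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample value
    now = 1214897664  # constructed timestamp
    cookie = issue_cookie(secret, "alice", now)
    print(cookie)
    print(verify_cookie(secret, cookie, now))                       # same window
    print(verify_cookie(secret, cookie, now + 2 * WINDOW_SECONDS))  # too old
```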