[Product-Developers] Re: Single sign on across heterogeneous systems

Martin Aspeli optilude at gmx.net
Tue Jul 1 07:34:24 UTC 2008

Hi Rob,

> you don't state how much influence you have over the 'shop' application, but 
> you mention having the site make an HTTP call to Plone so i'm going to assume 
> that it's possible to do some custom coding on that side.

It is. I'm not writing it, but I can ask someone else to do some coding. 
It's not written in Python, though.

> in the OpenPlans stack, which actually consists of several HTTP services all 
> acting as a single 'site', we accomplish something like this by having all of 
> our apps honor Plone's authentication cookie. 

Will this not only work if all the apps are on the same domain? The shop 
is hosted on a completely separate infrastructure and will be DNS'd into 
a subdomain.

> we have a custom PAS cookie 
> auth plug-in which creates an auth cookie as a hash of the username and a 
> secret key.  all of the apps have a copy of the secret, so they can verify 
> that the cookie is to be trusted.  since your apps are going to be on the same 
> domain, you can use a domain wildcard cookie and the remote hosted application 
> will get it.

I see. Any documentation on how those work?

> if you want session timeouts, you could integrate a time component into the 
> hash key generation, something that each side knows to change every 2 hours or 
> so.  you can do whatever you want, as long as both apps have all the 
> information needed to generate the hash key.
> of course, you still have the matter of getting the shop app to redirect to 
> the Plone login page when it needs to present a challenge.

That's ok, I think. They'll just code it that way, and Plone will 
redirect back using a came_from URL parameter.

> as for sharing more detailed member info, HTTP calls back to Plone is probably 
> the way to go.  or else use a custom PAS properties plug-in and store the info 
> somewhere else, where the other app might have more direct access.
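The shared-secret cookie scheme Rob describes above, with the time component he suggests for session timeouts, as an added example (not the OpenPlans PAS plug-in's code): the cookie is an HMAC over the username and a two-hour time bucket, so any app holding the same secret can verify it and the shop side only needs an HMAC-SHA256 library. The secret, the period, the one-bucket grace window and the `user|bucket|mac` layout are assumptions; a keyed HMAC is used in place of a bare hash of username plus secret, since a plain hash of concatenated values is the weaker construction.

```python
import hashlib
import hmac
import time

# Constructed placeholder; every cooperating app holds a copy of this value.
SECRET = b"constructed-shared-secret-replace-me"
PERIOD = 2 * 60 * 60  # two-hour time bucket, as suggested in the thread


def time_bucket(now, period=PERIOD):
    """Integer bucket number; both sides derive it from their own clock."""
    return int(now // period)


def make_cookie(username, secret=SECRET, now=None, period=PERIOD):
    """Build 'username|bucket|mac'. Plone would set this on the wildcard domain."""
    now = time.time() if now is None else now
    bucket = time_bucket(now, period)
    msg = f"{username}|{bucket}".encode()
    mac = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return f"{username}|{bucket}|{mac}"


def verify_cookie(cookie, secret=SECRET, now=None, period=PERIOD, grace=1):
    """Return the username if the cookie is authentic and current, else None.

    A cookie from the previous `grace` bucket(s) is still accepted so a user
    is not logged out exactly on the bucket boundary; effective lifetime is
    therefore between one and two periods.
    """
    try:
        # rsplit from the right so a username containing '|' still parses
        username, bucket_s, mac = cookie.rsplit("|", 2)
        bucket = int(bucket_s)
    except ValueError:
        return None
    now = time.time() if now is None else now
    current = time_bucket(now, period)
    if not (current - grace <= bucket <= current):
        return None  # expired or from the future
    expected = hmac.new(secret, f"{username}|{bucket}".encode(),
                        hashlib.sha256).hexdigest()
    # constant-time comparison so MAC checking does not leak timing
    if not hmac.compare_digest(mac, expected):
        return None
    return username
```

Because the bucket is part of the signed message, a verifier that rejects old buckets gets the timeout for free; the cookie itself carries no expiry that a client could edit.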
