I'm developing a marketing extranet for a large multinational; they
have a large number of internal sites (50+) all accessed via a single
"portal".  A user logs into this portal and then has a number of links
to all of the internal sites to which they have access.

The portal generates a "token" which is then used for single sign-on
across all of these sites. The link from the portal is directly to
the login script of the individual site, and that site then decrypts
the token and uses the data in it to either create a user or log the
user in.

At the moment I'm using one of their pre-written scripts which
decrypts and validates this token against the central user table, then
sets the user details in the session.  I'm then using Cake to see if
this user exists, then if not I'm creating them, and if they exist I'm
passing the details to Cake's auth component to log them in.

This works fine 90% of the time, but 10% of the time Cake redirects
the user with a valid token to the Cake login page (sans token),
breaking the token-decrypting script, and I can't figure out why.

I know Cake checks the referer on login, and if it's external Cake
will redirect you to the login page, but I've set security to low, so
it no longer does this.  We are also using SwfUpload, which I know has
issues with Sessions, but after removing the user agent check in the
config I again appear to have no issues with this.

The code is below, and help would be greatly appreciated.

http://bin.cakephp.org/view/1076407927
