Hi all,

I have a Plone site that will maintain a member database and content. One part of the site will go off to a "white labelled" (i.e. same style sheet and template) shop system hosted by a third party, on completely separate infrastructure. The shop will live on shop.domain.com and the Plone site on domain.com.

I would like to support single sign-on and shared member data across these two sites. In particular, users should only sign onto the Plone site. When they enter the shop, they should appear logged in there if they were logged into the Plone site (if they're not, there'll be a "log in" link that goes back to the Plone site). Member data should only be held in one place, the Plone site.

The shop site thus needs some way to:

 - Find out if the current user is logged into the Plone site

 - Retrieve member data for the current user

I'm wondering what the best approach for this might look like. The best approach I can think of, is to always pass a unique, time-limited ID from Plone site to shop when users click any link in the Plone site that goes to the shop. This ID would be mapped to a Plone session. The site then does a server-side call-back over HTTP to the Plone site, asking if the user with the given ID has a valid session, and if so receiving member data in the response.

This may work, but it's a bit clunky. It won't work if users have bookmarks to the shop or hit it via some other URL. And it may make session theft easier.

What better approaches are there? Do we have any tools for this? Could a solution potentially be generalised (in which case I'd like to do so and open source it)?

Cheers,
Martin

--
Author of `Professional Plone Development`, a book for developers who
want to work with Plone. See http://martinaspeli.net/plone-book


_______________________________________________
Product-Developers mailing list
[email protected]
http://lists.plone.org/mailman/listinfo/product-developers
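The hand-off scheme sketched in the post (a unique, time-limited ID passed on links into the shop, which the shop validates by a server-side call back to the Plone site), written out as an added example. This is not Martin's code and not part of Plone or any shop product: the two sites are in-memory stand-ins, the HTTP call-back is replaced by a direct method call, and the shared call-back secret, the 60-second lifetime and the member records are constructed values. It also shows the two properties that address the session-theft worry raised in the post: the ID is an opaque random value that never encodes the Plone session, and it is consumed on first use, so a leaked or replayed ID buys nothing after the shop has redeemed it.

```python
"""Added example of the Plone -> shop hand-off described in the post.

PloneSite holds the member records and sessions and issues short-lived
hand-off IDs; ShopSite receives an ID from a link and validates it with a
server-side call back. The transport is a direct call here (assumption of
this example); the secret and member data are constructed values.
"""
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional

HANDOFF_TTL_SECONDS = 60                           # lifetime of a hand-off ID (constructed)
SHOP_CALLBACK_SECRET = "constructed-shared-secret"  # assumed pre-shared key between the sites


@dataclass
class PloneSite:
    # session_id -> member record; filled by the normal Plone login
    sessions: dict = field(default_factory=dict)
    # handoff_id -> (session_id, expiry); the ID itself carries no session data
    handoffs: dict = field(default_factory=dict)

    def login(self, member: dict) -> str:
        session_id = secrets.token_urlsafe(32)
        self.sessions[session_id] = member
        return session_id

    def logout(self, session_id: str) -> None:
        self.sessions.pop(session_id, None)

    def issue_handoff(self, session_id: str, now: Optional[float] = None) -> str:
        """Called when a logged-in user clicks a link that leads to the shop."""
        if session_id not in self.sessions:
            raise PermissionError("no valid session")
        now = time.time() if now is None else now
        handoff_id = secrets.token_urlsafe(32)
        self.handoffs[handoff_id] = (session_id, now + HANDOFF_TTL_SECONDS)
        return handoff_id

    def validate_handoff(self, caller_secret: str, handoff_id: str,
                         now: Optional[float] = None) -> Optional[dict]:
        """Server-side call-back from the shop: member data, or None if not valid.

        The hand-off is single use: it is removed before any check, so a replay
        of the same ID fails regardless of why the first attempt failed.
        """
        if not hmac.compare_digest(caller_secret, SHOP_CALLBACK_SECRET):
            return None
        now = time.time() if now is None else now
        entry = self.handoffs.pop(handoff_id, None)
        if entry is None:
            return None
        session_id, expiry = entry
        if now > expiry:
            return None
        # A logout between the link click and the call-back invalidates the hand-off.
        return self.sessions.get(session_id)


@dataclass
class ShopSite:
    plone: PloneSite
    secret: str = SHOP_CALLBACK_SECRET
    shop_sessions: dict = field(default_factory=dict)

    def arrive(self, handoff_id: Optional[str], now: Optional[float] = None) -> dict:
        """Handle a request to the shop; returns what the page would render."""
        login_page = {"logged_in": False, "login_link": "https://domain.com/login"}
        if handoff_id is None:
            # Bookmark or direct visit: no ID, so only a log-in link back to Plone
            return login_page
        member = self.plone.validate_handoff(self.secret, handoff_id, now)
        if member is None:
            return login_page
        # Valid hand-off: start a shop-local session holding the member data
        shop_session = secrets.token_urlsafe(32)
        self.shop_sessions[shop_session] = member
        return {"logged_in": True, "member": member, "shop_session": shop_session}


if __name__ == "__main__":
    plone = PloneSite()
    shop = ShopSite(plone)
    sid = plone.login({"id": "alice", "name": "Alice"})  # constructed member
    print(shop.arrive(plone.issue_handoff(sid)))           # logged in
    print(shop.arrive(None))                               # log-in link only
```

The bookmark case the post worries about is visible in `arrive`: a request without an ID cannot be upgraded to a logged-in state, only sent back to the Plone login, and the shop-local session it creates on success is what keeps the user logged in afterwards without repeating the call-back.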
