[Zope-CMF] Re: Understanding the login mechanism
Dieter Maurer
dieter at handshake.de
Thu Oct 9 15:15:35 EDT 2003
Gitte Wange wrote at 2003-10-9 13:28 +0200:
> ...
> I have 2 sites - mainsite.com and remotesite.com. User gitte logs into
> remotesite.com
> Then the user goes to mainsite.com
> Now mainsite.com asks remotesite.com if user gitte is logged in (by using
> XMLRPC)
We do something like this using encryption.
The link from "remotesite.com" to "mainsite.com" contains
the info: "I come from 'remotesite.com'" and an encrypted secret.
"remotesite.com" and "mainsite.com" have exchanged encryption
keys. "mainsite.com" sees an incoming request from "remotesite.com"
and uses its key to decrypt the secret. It gives:
the source (i.e. 'remotesite.com'), the user identity and a timestamp.
If the sources agree and the timestamp is fresh, then the user
is authenticated.
Dieter
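
The check described in this message, sketched as an added example (not code from the original post or from Zope/CMF): mainsite.com accepts a link token only if it verifies under the key shared with the claimed source, the embedded source agrees, and the timestamp is fresh. It swaps the encryption the message mentions for a standard-library HMAC-SHA256 tag, so the user identity is protected against forgery but not hidden; the key, token layout, function names and 60-second window are assumptions.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key, assumed to be exchanged out of band between the sites.
SHARED_KEYS = {"remotesite.com": b"constructed-demo-key-do-not-reuse"}
MAX_AGE = 60  # seconds a token counts as fresh (assumed value)

def b64(data):
    return base64.urlsafe_b64encode(data).decode()

def make_link_token(source, user, key, now=None):
    """Built by the referring site and appended to its link to mainsite.com."""
    ts = int(time.time() if now is None else now)
    payload = json.dumps({"src": source, "user": user, "ts": ts}).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return b64(payload) + "." + b64(tag)

def verify_link_token(claimed_source, token, now=None):
    """Run on mainsite.com; returns the user id, or None if any check fails."""
    key = SHARED_KEYS.get(claimed_source)
    if key is None:                      # no key exchanged with this source
        return None
    try:
        p64, t64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        tag = base64.urlsafe_b64decode(t64)
    except ValueError:                   # malformed token or bad base64
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                      # not produced with the shared key
    try:
        data = json.loads(payload)
        src, user, ts = data["src"], data["user"], int(data["ts"])
    except (ValueError, KeyError, TypeError):
        return None
    if src != claimed_source:            # "the sources agree"
        return None
    now = time.time() if now is None else now
    if not 0 <= now - ts <= MAX_AGE:     # "the timestamp is fresh"
        return None
    return user

if __name__ == "__main__":
    k = SHARED_KEYS["remotesite.com"]
    t = make_link_token("remotesite.com", "gitte", k)
    print(verify_link_token("remotesite.com", t))
```

A captured token can still be replayed until the freshness window closes, so the window should be short and the link carried over TLS.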