[Zope-PAS] Specific questions to PAS usage
Jens Vagelpohl
jens at dataflake.org
Sun Feb 20 12:24:54 EST 2005
On Feb 20, 2005, at 12:53, Janko Hauser wrote:
> Not directly PAS related, but does someone know of a way to allow
> cross-site logins, meaning logging in on one site and being authenticated
> also in other domains? My only idea is to use URL based sessions,
> which does look like a very brittle solution.
That's a very tricky thing to do. Basic auth won't work because the
browser won't send credentials for site A to site B. Cookies won't work
for the same reason: the browser will refuse to send them to a different
domain.
Eons ago in a Zope project involving Yahoo and a realty website I
implemented the ability for authenticated Yahoo users to jump to the
realty website without creating an account or logging in manually. The
following environment was provided by Yahoo:
- There is just one "approved" way to get from Yahoo to the other site,
and that's via a link from Yahoo. This link includes the URL to the
other site *and* a query string containing a token with the encrypted
credentials. Only this link contained the token, it was not part of the
normal Yahoo URLs.
On the Zope side the user folder was extended to look for this token
and decrypt it. If the user account was unknown it would be
automatically created. The user is then logged in automatically via a
Cookie set by the Zope site.
Given PAS and its pluggability it should be much less work to emulate
that setup nowadays.
jens
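A sketch of the handoff Jens describes, added here as an example and not code from the thread or from Zope/PAS: the issuing site mints a token for the link's query string, and the receiving site validates it before creating an unknown account and setting its own login cookie. It uses an HMAC-signed token with a short lifetime and an audience check in place of the encrypted credentials the mail mentions; the shared secret, user id and site names are constructed.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed shared secret; in practice provisioned out of band between the two sites.
SHARED_SECRET = b"constructed-demo-secret-do-not-reuse"
TOKEN_TTL = 300  # seconds a handoff link stays valid


def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=")


def _unb64(enc):
    return base64.urlsafe_b64decode(enc + b"=" * (-len(enc) % 4))


def mint_token(user_id, audience, secret=SHARED_SECRET, now=None):
    """Issuing site builds the token that goes into the approved link.
    The audience binds the token to one destination site; iat starts the TTL clock."""
    now = int(time.time()) if now is None else now
    payload = {"sub": user_id, "aud": audience, "iat": now}
    body = _b64(json.dumps(payload, separators=(",", ":"), sort_keys=True).encode())
    sig = hmac.new(secret, body, hashlib.sha256).digest()
    return (body + b"." + _b64(sig)).decode()


def verify_token(token, expected_audience, secret=SHARED_SECRET, now=None):
    """Receiving site checks the token before trusting it.
    Returns the user id, or None if malformed, forged, stale or meant for another site."""
    now = int(time.time()) if now is None else now
    try:
        body, sig_b64 = token.encode().split(b".")
        sig = _unb64(sig_b64)
    except ValueError:  # wrong number of parts or invalid base64
        return None
    expected = hmac.new(secret, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time compare
        return None
    payload = json.loads(_unb64(body))  # only reached for a genuinely signed body
    if payload.get("aud") != expected_audience:
        return None
    if not (payload["iat"] <= now < payload["iat"] + TOKEN_TTL):
        return None
    return payload["sub"]


def handle_login(token, known_users, audience, now=None):
    """Emulates the extended user folder: unknown accounts are created, then the
    user id is returned so the caller can set the site's own login cookie."""
    user = verify_token(token, audience, now=now)
    if user is None:
        return None
    known_users.setdefault(user, {"created_by": "handoff"})
    return user
```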