How to Auto Login from Remote Site?
How to Auto Login from Remote Site?
- Subject: How to Auto Login from Remote Site?
- From: Kieran Kelleher <email@hidden>
- Date: Thu, 6 Jan 2005 14:58:13 -0500
I have a customer whose clients have their accounts on their web application. They want to send authorized users to our site without them having to log in again at our site. I am thinking of this approach and I really would appreciate any feedback....
1) I will create no password accounts on our website with userids corresponding to the customer's own website.
2) The customer site will redirect its logged in users to a Direct Action in my WO app using a secure request with form value key pairs that they generate based on my spec. The request will be authenticated using the following criteria for the request:
It must be a secure https request
It must originate from the customer's IP address
It must contain a valid userid
The request must contain a master passphrase for the customer
Failure of any of these criteria will result in logging the reason it failed and a Page Not Found error (I don't want to give away details why the request failed)
Does this sound like a sound secure approach, is there a better design pattern or am I reinventing the wheel?
________________________________________________________________
Dev Config = OS X 10.3.5 / Java 1.4.2_05 / WO 5.2.3 / XCode v1.5 / MySQL 4.0.20 / Connector-J 3.0.11
Deploy Config = OS X 10.3.7 Server / Java 1.4.2_05 / WO 5.2.3 / MySQL 4.0.20 / Connector-J 3.0.11
My Blog: http://webobjects.webhop.org/
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden