So, we're in the situation where we have customers asking us for a 'single sign on' solution, whereby a user logged into their account on our customer's website is also logged into an account on our website.
However, they don't know they are asking that. All they know is that users can log into their own website, and when they redirect the user over to our website (for certain pages), they don't want the user to have to register and log in again.
Usually, we deal with customers with very basic websites, without any authentication anyway, so this issue never comes up, but we've had a few questions asked in the last couple of weeks.
The problem is that these are not companies with their own development teams, but ones that use completely different third parties who create their websites for them (you know the type - £200 for a basic 5-page website with a contact form, etc).
I've been saying that implementing a single sign on solution is not a quick job. Many moons ago I developed a site that authenticated via an existing single sign on solution, and that alone took long enough.
Has anyone got any experience with doing this in this way?
If we were just talking about one customer who needed this, then fine, I could just talk to whoever their IT guys are, and get something working. But this is likely to be something that countless different customers are going to want, all of whom have websites built in different ways by different people.
I would think that we would have to set up our own solution, regardless of any specific company's needs, and just tell them what we have available and let them connect to it, but I know that will go down like a ton of bricks.
Any thoughts?