Welcome to WebmasterWorld Guest from 23.20.6.20

Forum Moderators: incrediBILL & lawman

Message Too Old, No Replies

Single Sign On

Authentication across different websites

     
4:32 pm on Sep 17, 2012 (gmt 0)

Full Member

10+ Year Member

joined:June 29, 2005
posts:216
votes: 0


So, we're in the situation where we are having customers asking us for a 'single sign on' solution, whereby a user logged into their account on our customer's website is also logged into an account on our website.

However, they don't know they are asking that. All they know is that users can log into their own website, and when they redirect the user over to our website (for certain pages), they don't want the user to have to register and log in again.

Usually, we deal with customers with very basic websites, without any authentication anyway, so this issue never comes up, but we've had a few questions asked in the last couple of weeks.

The problem is that these are not companies with their own development teams, but use completely different third parties who create their websites for them (you know the type - 200 for a basic 5-page website with a contact form, etc).

I've been saying that implementing a single sign on solution is not a quick job. Many moons ago I developed a site that authenticated via an existing single sign on solution, and that alone took long enough.

Has anyone got an experience with doing this in this way?

If we were just talking one customer who needed this, then fine, I could just talk to whoever their IT guys are, and get something working. But this is likely to be something that countless different customers are going to want, all who have websites built in different ways by different people.

I would think that we would have to set up our own solution, regardless of any specific company's needs, and just tell them what we have available and let them connect to it, but I know that will go down like a ton of bricks.

Any thoughts?
8:55 am on Sept 18, 2012 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
posts:22839
votes: 308


My first thought is of security, or the aspect of weaker security. That has got to be the top priority, and may be a good angle to help change their minds.
3:11 am on Sept 19, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Jan 30, 2006
posts:1641
votes: 4



single sign on, one lock, many doors.

then you have to go on a fire drill sealing off all the doors....((how fast can diff teams really react in a time of crisis))

then rethinking it was a bad idea...and unwinding the ball of wax. - more confused customers at best, worse things at worst.