SLUG Mailing List Archives

[SLUG] safe(ish) single-login from website


I've been given the task of doing a single-login and am having trouble
finding out how to do it...

The issue is that our business allows some of our website to be viewable
through the website of some of our "channel partners". These channel
partners have a login to our website to allow them to do this.

However, the channel partners have customers that only have a login to
the channel-partner websites... and the channel partners don't want to
directly give them the login to our site, but do want the pages
displayed (generally using yucky frames... but hey).

OK, now they apparently used to do this by having a URL with the
username/password in it (ie using "basic" http authentication with the
login details as parameters).

Firstly this is unsafe and secondly - Microsoft (in a rare moment where
their interests align with ours) has turned this feature off in IE (to
stop address-bar spoofing).

I need some sort of alternative method of doing this, however all the
"help" files on this issue seem to just say: let the users get the
prompt and login...
the problem with this being that the user does not have the login
details and will not be given them - ie this is not a solution for me
:(


Now when this issue first came up I got all enthusiastic and went
wandering through the web and found that you can send the details in an
http header etc etc... however I seem to have hit a brick wall in that I
don't see how to actually send that.

There is a hell of a lot on the web on autologin functions from the
recipient side of things (ie the one receiving the login details) but we
need some code to hand to our channel partners that can run on their
server to send the login details to us... something that can be
activated through a normal webpage that will not bug the user for
anything.


I trawled through the HTTP specs and the PHP pages looking for anything
that might help, but I readily admit that I'm doing a random search - I
don't really know where to go look for this stuff.

Does anyone here have any ideas? Even just some general direction on a
good place to go looking?

Cheers and thanks in advance,
Taryn



-- 
This .sig temporarily out-of-order.
We apologise for any inconvenience
                    - The Management
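
An added example, not part of the original post: one way a partner's server can send "basic" HTTP authentication details in a request header instead of in the URL, so the end user's browser never sees them. The function names, host name and credentials are constructed for illustration, and PHP is assumed because the post mentions it.

```php
<?php
// Added example: helper names and sample values are constructed.

// Split a legacy "user:pass@host" URL into a credential-free URL
// and the equivalent HTTP Basic Authorization header line.
function split_legacy_url(string $legacyUrl): array
{
    $p = parse_url($legacyUrl);
    if ($p === false || !isset($p['scheme'], $p['host'], $p['user'])) {
        throw new InvalidArgumentException('URL has no embedded credentials');
    }
    // userinfo is percent-encoded inside a URL; the header carries raw values
    $user = rawurldecode($p['user']);
    $pass = rawurldecode($p['pass'] ?? '');
    if (strpos($user, ':') !== false) {
        throw new InvalidArgumentException('Basic auth user names cannot contain ":"');
    }
    $clean = $p['scheme'] . '://' . $p['host']
           . (isset($p['port']) ? ':' . $p['port'] : '')
           . ($p['path'] ?? '/')
           . (isset($p['query']) ? '?' . $p['query'] : '');
    $header = 'Authorization: Basic ' . base64_encode($user . ':' . $pass);
    return [$clean, $header];
}

// Fetch a page server-side with the header attached to the request.
function fetch_with_basic_auth(string $url, string $authHeader): string
{
    if (stripos($url, 'https://') !== 0) {
        // Basic auth is only base64-encoded, so refuse to send it without TLS
        throw new InvalidArgumentException('refusing to send credentials without TLS');
    }
    $ctx = stream_context_create(['http' => [
        'header'  => $authHeader . "\r\n",
        'timeout' => 10,
    ]]);
    $body = file_get_contents($url, false, $ctx);
    if ($body === false) {
        throw new RuntimeException('upstream request failed');
    }
    return $body;
}

// Constructed sample of an old-style link with the login details in it.
[$url, $header] = split_legacy_url('https://partner1:s3cr%40t@www.example.com/reports/view.php?id=7');
echo $url, "\n";
echo $header, "\n";
// On the partner's server: echo fetch_with_basic_auth($url, $header);
```

The partner's page relays the returned HTML to its own logged-in customer, so the account password stays in the partner's server-side code and out of address bars, frames and browser history.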