Best Way to Authenticate and Login External User Via Webservice / Single Signon
Posted on 2011-05-10
I need to allow some users into my application from a partner application (and they will do the same). The partner will pass to my webservice a userid, organization id and a secret organization key which will have been predetermined and already set up on the partner side database. I need to get the passed user through my login authentication (which normally would require a password but will not in this case) and then provide a link back to my partner's side with a session id for the user to click and get into my application. I'm not sure of the best way to do this and have little experience in webservices. (I know I know!)
I'm not sure if I should just rebuild my fairly complicated login process in the webservice cfc (the login process checks for expired or inactive userids, records an access attempt, assigns session variables and so on) or is there a way to just include the existing login.cfm inside the cfc and then pass back the resulting sessionid? And then how exactly do I code the session id into the link returned to my partner so that my user can get right in?
Both environments are https.
This is probably not written correctly but hopefully you get the gist.