Single Sign On Cookie Based From An External Service: Integration

Hello everybody.

I’m dealing during these last two days with some nasty task for a project at the office.

Here is the goal: integrate an external login/registration form (domain.com), not Yii based, to grant to my Yii app (subdomain.domain.com) a Single Sign On feature.

The form has to be included by iframe on the subdomain, a domain cookie is dropped, I have to read it, get the value of a token, use webservices available on domain.com to retrieve all the data about the user and than use everything on the subdomain for database storage and anything.

I’m still trying to figure out which is the best approach to the problem.

At first I was planning to complete override the Yii Authentication feature, because all the stuff is done on the domain, and what I have to do is just check if the cookie is available, and then use the token to retrieve all the data I need from the database. So I was going to override CWebUser, and the mothods init, restoreFromCookie and so on.

My question about this approach: is it one of the right ones? I mean, can I completely ignore the Authentication Feature of Yii and just use the remote one, or both of them have to work at the same time for any reason I can’t see at the moment? Any cons to this way?

Is it ok to override CWebUser for my goal, or there is another logical approach better suited?

I’m looking at the implementation of oauth and similar extension available, but I’m still trying to understand most of the mechanics.

THanks in advance for any suggestion :)!

hi…i have the same problem too…

anybody can help ?