[Zope-CMF] Re: Understanding the login mechanism

Dieter Maurer dieter at handshake.de
Thu Oct 9 15:15:35 EDT 2003


Gitte Wange wrote at 2003-10-9 13:28 +0200:
 > ...
 > I have 2 sites - mainsite.com and remotesite.com. User gitte logs into
 > remotesite.com
 > Then the user goes to mainsite.com
 > Now mainsite.com asks remotesite.com if user gitte is logged in (by using
 > XMLRPC)

We do something like this using encryption.

The link from "remotesite.com" to "mainsite.com" contains
the info: "I come from 'remotesite.com'" and an encrypted secret.

"remotesite.com" and "mainsite.com" have exchanged encryption
keys. "mainsite.com" sees an incoming request from "remotesite.com"
and uses its key to decrypt the secret. It gives:
the source (i.e. 'remotesite.com'), the user identity and a timestamp.
If the sources agree and the timestamp is fresh, then the user
is authenticated.


Dieter
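The check described in the message above, as an added example that is not part of the original post or of any Zope/CMF code. It substitutes an HMAC-SHA256 tag for the encryption step (standard library only), so the token is tamper-proof but its contents are readable. The function names, token format, key and freshness limits are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed sample key; in practice one shared secret per site pair,
# exchanged out of band as the post describes.
SHARED_KEYS = {"remotesite.com": b"constructed-demo-key-not-for-production"}
MAX_AGE = 60    # seconds a token counts as "fresh" (assumed value)
MAX_SKEW = 5    # tolerated clock skew for future-dated tokens (assumed value)


def _b64(data):
    return base64.urlsafe_b64encode(data).decode("ascii")


def issue_token(source, user, key, now=None):
    """Run on remotesite.com: bind source, user and timestamp under the key."""
    ts = int(now if now is not None else time.time())
    body = json.dumps({"src": source, "user": user, "ts": ts},
                      sort_keys=True).encode("utf-8")
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)


def verify_token(claimed_source, token, now=None):
    """Run on mainsite.com: return the user name, or None if any check fails."""
    key = SHARED_KEYS.get(claimed_source)
    if key is None:
        return None                      # unknown partner site
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:
        return None                      # malformed token
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                      # forged or altered token
    claims = json.loads(body)
    if claims.get("src") != claimed_source:
        return None                      # the sources do not agree
    age = (now if now is not None else time.time()) - claims.get("ts", 0)
    if age > MAX_AGE or age < -MAX_SKEW:
        return None                      # stale or future-dated token
    return claims.get("user")
```

A token stays replayable until it ages out, so the freshness window should be kept as short as the redirect between the two sites allows.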


