Hi, I am creating an app that will act as a central login module and also SSO.
The following are the use cases:

User email is @googledomain:
1) User navigates to an app "abc".
2) User is redirected to the login module.
3) User is prompted for username and password.
4) User enters a username @googledomain.com (this is a custom Google Apps domain known to the app).
5) User is authenticated using OpenID.

User email is @anything.com:
The only change is in step 5, where the user is now authenticated using the auth_user table.

Now when any of the above users tries to access another app "cde", they are redirected again to the login module. However, the login module checks if the user is authenticated, which he is, so he is redirected back to the client app "cde". This is a simple approach to implementing SSO.

So two questions:
1) How do I have mixed authentication schemes in web2py, i.e. authenticate some users using OpenID and others using auth_user?
2) Any security vulnerabilities in the SSO, or any better way?

Thanks,
Murtaza
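The flow described in the post, as an added example that is not Murtaza's code and not web2py's own API: a plain-Python sketch of the login module's decision logic. It shows the two points a reviewer of this design would raise: (a) picking the scheme from the mailbox domain (step 4), and (b) what the redirect back to "abc"/"cde" must carry so the client app can trust it. "The user is authenticated, so he is redirected back" only works if the client app receives something it can verify; here that is a short-lived, HMAC-signed ticket bound to the target app, and the return URL is checked against a registry of known apps so the login module cannot be used as an open redirector. The domain set, app registry, shared secret, `auth_user` rows and all function names (`auth_scheme_for`, `sso_login`, `issue_ticket`, `verify_ticket`) are assumptions made for this example; `session` stands in for web2py's per-browser session object.

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import parse_qs, urlencode, urlsplit

# --- Constructed configuration (assumptions for this example, not from the post) ---
OPENID_DOMAINS = {"googledomain.com"}          # accounts in these domains authenticate via OpenID
CLIENT_APPS = {                                # registered client apps -> their only allowed callback
    "abc": "https://abc.example.com/sso/callback",
    "cde": "https://cde.example.com/sso/callback",
}
SSO_SECRET = b"replace-with-a-long-random-key-shared-with-client-apps"
TICKET_TTL = 60                                # seconds a login ticket stays valid


def _hash(password, salt):
    """Salted PBKDF2 for the constructed local table (the real auth_user table does its own hashing)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()


# Constructed auth_user stand-in: email -> (salt, password hash)
AUTH_USER = {
    "alice@anything.com": (b"salt-alice", _hash("correct horse", b"salt-alice")),
}


def auth_scheme_for(email):
    """Step 4: choose the scheme from the mailbox domain, case-insensitively."""
    local, at, domain = email.rpartition("@")
    if not at or not local or not domain:
        raise ValueError("not an email address: %r" % email)
    return "openid" if domain.lower() in OPENID_DOMAINS else "auth_user"


def check_auth_user(email, password):
    """Step 5 for non-OpenID domains: local-table login with constant-time comparison."""
    entry = AUTH_USER.get(email.lower())
    if entry is None:
        return False
    salt, stored = entry
    return hmac.compare_digest(_hash(password, salt), stored)


def issue_ticket(email, app, now):
    """Signed, short-lived ticket bound to one client app; handed over on the redirect back."""
    payload = {"sub": email, "aud": app, "iat": now, "exp": now + TICKET_TTL}
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
    sig = hmac.new(SSO_SECRET, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + sig


def verify_ticket(ticket, app, now):
    """Client-app side: reject bad signatures, tickets meant for another app, and expired tickets."""
    body, dot, sig = ticket.rpartition(".")
    if not dot:
        return None
    expected = hmac.new(SSO_SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    payload = json.loads(base64.urlsafe_b64decode(body))
    if payload.get("aud") != app or payload.get("exp", 0) < now:
        return None
    return payload["sub"]


def safe_return_url(app, requested):
    """Only ever redirect to the registered callback of a known app (blocks open redirects)."""
    registered = CLIENT_APPS.get(app)
    if registered is None:
        return None
    r, g = urlsplit(registered), urlsplit(requested)
    if (g.scheme, g.netloc, g.path) != (r.scheme, r.netloc, r.path):
        return None
    return registered


def ticket_from_redirect(url):
    """Client-app helper: pull the ticket parameter out of the callback URL."""
    return parse_qs(urlsplit(url).query)["ticket"][0]


def sso_login(session, app, return_url, email=None, password=None, now=0):
    """Login module entry point (steps 2-5, and the SSO shortcut when already logged in).

    Returns ("redirect", url) once the user is authenticated, ("openid", email) when the
    caller must run the OpenID exchange for a Google Apps account, or ("error", reason).
    """
    dest = safe_return_url(app, return_url)
    if dest is None:
        return ("error", "unknown app or unregistered return URL")
    if "user" not in session:                       # not logged in yet: prompt and authenticate
        if email is None or password is None:
            return ("error", "credentials required")
        if auth_scheme_for(email) == "openid":
            return ("openid", email)                # hand off to the OpenID provider; on return, set session["user"]
        if not check_auth_user(email, password):
            return ("error", "bad credentials")
        session["user"] = email.lower()
    ticket = issue_ticket(session["user"], app, now)   # already logged in: straight back to the app
    return ("redirect", dest + "?" + urlencode({"ticket": ticket}))
```

The client app calls `verify_ticket` with its own name as `app`, so a ticket captured on the way to "abc" cannot be replayed against "cde", and the 60-second expiry limits replay on the same app; a production version would also keep the ticket single-use. For the mixed-scheme question itself, web2py ships `gluon.contrib.login_methods.extended_login_form.ExtendedLoginForm`, which wraps an `OpenIDAuth` form together with the normal `auth_user` form; the domain check above would sit in front of that form to decide which branch to show.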