Custom auth with external login app
658048Jul 14 2009 — edited Sep 30 2009Hello, scenario is this:
1) our custon non-Apex login app stores usernames and passwords and session info in a database
2) one has to login at http://xx.yy.qq/loginapp to get a valid session stored in a sessions table
Now upon a person arriving at my Apex app, the Apex app needs to
1) check if the login app has a valid session for this user in the database (using a sessionid, processid and app id generated by the login app, and passed to other apps using url parameters like this: http://ww.ss.pp/app?sessionid=111&procesid=555&appid=888
2) if yes, then let person in to use Apex app (perhaps creating a cookie so as not to overload the sessions-table of the loginapp)
3) if no, redirect to the login app at http://xx.yy.qq/loginapp
Now, how should I go about this? Would a sentry function (wich would check an apex generated cookie) be the way to go?
But how to initially pass and process the url parameters needed to check valid session? Should I make a proxy page that does this?
or if the sentry function is not a good idea, how to tweak the custom auth so that there is no need to pass usernames/passwords to create a valid session?
I am very confused and I don't understand much of this authentication process. I have been googling but there were not many examples to be found.