I am working on implementing SSO as part of a Clearspace implementation that will link to an existing site which requires a logon.
The idea is to have Clearspace recognize the user by looking for a cookie with encrypted information. I have extended Clearspaces Authtoken and Authfactory.
I simply want to be able to read this cookie with the Authfactory class and pass the user's id to clearspace. The issue I am running into and this is no news flash is the scoped cookie can't be seen. We use this scoped cookie to solve the SSO paradigm with hosted services such as Koders. I am pretty sure that an unscoped cookie will work but I am looking for a better solution.
Can anyone provide some insight on how they solved a similiar issue.
I'm not totally clear on what you mean by scoped vs. unscoped cookies? Are you talking about domain specific cookies? Can you give an example? (ie: we're trying to authenticate users from domain1.example.com and clearspace is on domain2.example.com, etc..)