SSL & SSO

robert@zakongroup.com · September 2008

Our client has a web site where users may set up an account. Users who are members may access restricted site content. There is a daily process that runs and (un)sets accounts for member privilige.

As the client migrates part of the site to Convio, they would like to retain this functionality. It looks like we may be able to accomplish this by using the SSO mechanism where users login via Convio (i.e., the main site would no longer keep account info). When restricted content is requested, we will redirect to the Convio SSO login page, and have them redirected to the main site which will check through the Consituent API for member status, and set a local (session) cookie as appropriate.

We are however being informed by a Convio contractor that this will not work because we also want the login protected by SSL.

Has anyone accomplished something similar? Is the SSL/SSO issue real?

Thank you.

David Hart · September 2008

This is only partially correct. I will need to dig around a little bit to get a more detailed explanation though.

Stay tuned.

SSL & SSO

Comments

Categories