Hi,
I need to use "external authentication" in some drupal-site.
Description about external auth is like this:
The following data must be gathered for addition of a tool to the external auth:
* client – A clear project name or website name that has not already been used.
* url – An URL to the website’s validation page (explained below)
* secret – A secret password that validates the authenticity of external auths. This should only be known by the tool owner (and of course Tribalwars/Die-Staemme).Instructions for external auth:
1. Redirection to external auth from external site
A visitor to the external site requests a page or action that requires authentication (for example, writing a comment). The external site has no direct access to the internal system of Tribalwars. However, the external site can add the comment but mark is as ‘not yet authorised’ in the database. Afterwards, the user is redirected to the external authentication. This is located at http://www.tribalwars.net/external_auth.php. The page expects the following parameters via GET:
SID: unique Id, generated by the player’s page. This could be the ID of his/her comment.
Client – the client as supplied and entered in to the external auth database.
2. The authentication of players
At this point the visitor is no longer on the player project’s site, but on the site for Tribalwars external authentication. The visitor must now login using their normal username and password from the game. If the authentication is successful, the Tribalwars system will make a HTTP request to the client’s validation URL to provide confirmation to the player’s website that the visitor has successfully authenticated. As the validation URL is only used internally by the Tribalwars system it is recommended that the URL is not made public.
When Tribalwars calls the validation URL the following parameters will be passed via GET:*sid: The unique ID that was passed to external_auth.php via the original redirect, for example the ID of the comment.
*username: The username that the visitor has logged in with.
*hash: A MD5 hash of a string consisting of the variables “sid”, “username” and “secret” together. e.g. $hash = md5($sid . $username . $secret_password);
The validation code on the player project should check the hash variable to make sure that the request is legitimate. As only the website owner will know the secret password the hash cannot be faked if someone found out the validation URL. If the authentication was successful and the data submitted is correct than the comment or resource can be marked as authenticated.
3. Redirecting the player back to the player site
I can't find any "ready to use" module, that I can use. Do you know some?
best regards
kors4r
(sorry for my english)