I want to build an SSO (Single Sign-On) solution for a couple of different customer support sites my company has. We have a wiki, a download portal, and now we're adding a helpdesk / knowledgebase.
(Up until now we gave each organization a username and password they couldn't change, and all customers had a shared login to our support site.)
We have proprietary info on our support sites so they're not publicly visible. But, when a customer needs info, I hate the idea of them having to register and wait for someone to approve them.
So, I want users to be able to create an account if they're already a customer (or from the same domain as a customer), which would be determined by doing some lookups in our SugarCRM instance.
So, basically I want a "framework" for creating a registration portal / SAML identity manager.
- I'd plug in the policies for who gets to register without approval. (I'd implement a REST call.)
I don't want to have to reinvent the wheel and implement all the mundane stuff like:
- Allowing the user to reset their password.
- A form to allow the user to change their password...
- Verifying the user's email address...
- Preferably manage the "Authentication Database" where the identity manager looks up usernames and passwords... Starting from scratch, so I'm not tied to anything in particular.
- BONUS: If the tool would allow the user to log in using an OAuth token provided by Twitter, Gmail, etc.
Anyone got any recommendations for implementing this easily?
Here's a Diagram: