I have an application with an internal SSO implemented with its sister sites, using the implementation of CAS. It works great and provides a smooth transition for the user between sites. (Although on the first visit to each site, the user must provide some basic data to each site.)
Now we want to continue the implementation and connect Facebook or, if you want, the RPX Open identifier. The problem is that the system currently assumes that the user's email ID is unique. Here are some of the problems:
- If we allow connecting to Facebook, the email ID can no longer be unique. Removing this restriction would be too expensive.
- If we allowed the user to log in using a connection to Facebook, which stores a different user profile for him, does the problem arise when it deviates from the sister site? How do we track the user profile without merging? Or, even if we are united, we cannot authenticate him without taking specific powers from him.
- Assuming it is registered in the SSO application and Facebook Connect, if we always give priority to SSO, this essentially means that Facebook connection streams should be hidden from the registered user, and that will mean a bad user interface.
I'm just curious: maybe other people have also implemented Facebook Connect or OpenID on their sites. How do they handle user merging, especially if you have your own SSO that is already on the site?
Greetings