My goal is to develop seamless authentication for clients from my billing system (WHMCS) to Sunstone. I want to implement the following scenario:
- client navigates to his personal page,
- script on the server gets the OpenNebula username for the client from the db and generates a temporary token for this username with the one.user.login method (using the XML-RPC API),
- personal page embeds the username and token as a URL to log in to Sunstone (somehow like this: https://sunstone.example.com?username=USERNAME&token=TOKEN),
- client clicks the URL and is immediately authenticated in Sunstone without typing his username/password in any fields.
I think I need to make a custom auth driver for OpenNebula to be able to implement such a scenario. I have read this document: http://docs.opennebula.org/5.0/integration/infrastructure_integration/devel-auth.html . But I still have questions:
- How do I get GET parameters (username & token) from the request inside the auth driver script?
- How do I validate a token? (yes, I can store and send a password instead of a token, but it is not safe, so I would like to avoid that)
- Do I need to know something else in order to be able to do what I want? If so, what is it?
I’ll be very grateful for any help.
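
Added example, not part of the original post and not OpenNebula or WHMCS code: the token step of the scenario above, requesting a short-lived token through one.user.login and building the link in the format the post proposes. Assumptions: the parameter order (session, username, empty token, validity in seconds) follows the OpenNebula XML-RPC reference, the endpoint is oned's default, the session string belongs to an account allowed to manage users, and the helper names and sample responses are constructed for illustration.

```python
import xmlrpc.client
from urllib.parse import urlencode

ONE_ENDPOINT = "http://localhost:2633/RPC2"  # assumption: oned's default XML-RPC endpoint
TOKEN_TTL = 60  # assumption: seconds; kept short because the token will sit in a URL

def _check_ttl(ttl):
    # 0 resets the token and -1 makes it non-expiring: neither suits a login link
    if ttl <= 0:
        raise ValueError("ttl must be a positive number of seconds")

def build_login_call(session, username, ttl=TOKEN_TTL):
    """Serialize a one.user.login request; the empty token asks oned to generate one."""
    _check_ttl(ttl)
    return xmlrpc.client.dumps((session, username, "", ttl),
                               methodname="one.user.login")

def token_from_result(result):
    """oned answers [success, token_or_error, ...]; never pass an error string on as a token."""
    if not result[0]:
        raise PermissionError("one.user.login failed: %s" % result[1])
    return result[1]

def parse_login_response(xml_body):
    """Decode a raw XML-RPC response body and extract the token."""
    (result,), _ = xmlrpc.client.loads(xml_body)
    return token_from_result(result)

def request_token(session, username, ttl=TOKEN_TTL, endpoint=ONE_ENDPOINT):
    """Live call against oned; needs a reachable server, so it is not run here."""
    _check_ttl(ttl)
    proxy = xmlrpc.client.ServerProxy(endpoint)
    return token_from_result(proxy.one.user.login(session, username, "", ttl))

def sunstone_link(base_url, username, token):
    """Link in the format proposed in the post, with both values URL-encoded."""
    return base_url + "?" + urlencode({"username": username, "token": token})

# Constructed responses (not captured from a real server), for offline use
SAMPLE_OK = xmlrpc.client.dumps(([True, "constructed-token", 0],),
                                methodresponse=True)
SAMPLE_FAIL = xmlrpc.client.dumps(([False, "constructed error text", 1],),
                                  methodresponse=True)

if __name__ == "__main__":
    token = parse_login_response(SAMPLE_OK)
    print(sunstone_link("https://sunstone.example.com", "client42", token))
```

Because the token travels in a query string, it ends up in browser history, proxy and web-server logs, which is why the validity period is kept to seconds rather than hours.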