I have an application which has an internal SSO implemented with it's sister sites; using a CAS implementation. It works fine and allows seamless transition for user between sites. (Though upon first visit to each site; user must provide some basic details to each site).
Now we want to go ahead and have facebook connect implemented or for that matter RPX Open Id. The problem is this, that currently system assumes that email id of user is unique. So following are some of the problems:
- If we allow facebook connect then email id can no longer be unique. To remove that constraint, would be too expensive.
- If we did allow user to login using facebook connect, what and kept a different user profile for him; problem occurs when he deviates to a sister site? How do we keep track of user profile without merging. Or even if we merge we cannot authenticate him without capturing application specific credentials from him.
- Assuming he is logged into application SSO and facebook connect too; if we always give SSO the priority; it essentially means that facebook connect flows will have to be hidden from the logged in user; and it would mean a bad user experience.
I was just wondering maybe other people have also implemented facebook connect or open id on their websites; how do they handle merging of users; specifically if you have a SSO of your own already present on site.
Cheers