tags:

views:

60

answers:

0
Q: 

User Authentication outside a SAAS application

I have an open source SaaS workflow application, so it's best that I don't modify the code. For this application, we sell it as a SaaS, in which each company gets a unique URL and the users just login with their credentials. There are 3 groups of users

  1. Administrators
  2. Inside users
  3. Outside users

Now I don't want to touch the open souce workflow app as far as I can, but if I am forced to do it then I will do it. My task now is to create an external application that handles the registration and authentication of outside users.

The outside users group is different from other two groups. Both the Administrator and inside users groups are "localized" in each company, meaning that "AdminA" in companyA.mysoft.com and "AdminA" companyB.mysoft.com can be of different users.

But for the outside users group, they should be shared across all companies. This means that "outusers" in companyA.mysoft.com and companyB.mysoft.com must be the same person. This is because the Outside users group member can join multiple companies, and hence their username must be kept the same.

This is why I need to create an external application just to handle the registration and authentication of outside users. How to best design this application?

My thought is that I will create an external database that holds the Outside users group information. When a new Outside users member is created, I will attach him to company A in my external database, and create an entry for that user in the companyA db in SaaS workflow application, with exactly the same username and password. If later he wants to join a new company, my script will add him to companyB db in SaaS workflow application.

There will be data redundancies in this case, but is it a big problem? What about the chances of data corruption?

Or should I just modify the application to support this situation, but that will be hell lots of work because:

  1. When a user profile is viewed, instead of just query the company db, the logic must be modified so that the app checks first what is the group of the user, and pull the data from the external application if he's an outside user.
  2. To keep my copy of workflow synch with the open source one is a headache.
  3. Authentication code at model layer must be changed. When an outside user login via my external application, I will verify the user and pass the logon credential to the main workflow application. This means that the workflow application must now handle external credential.

What's your thoughts here?

related questions

How do you determine how far to normalize a database?
Tips for database design in a web application
How do you deal with polymorphism in a database?
Database Patterns
Is it okay to have a lot of database views?
Extra tables or non-specific foreign keys?
Implementing a '20 Questions'-like Wizard in a Database
Database Design for Revisions?
Which database table Schema is more efficient?
How do you build a ratings implementation?
How should I model a field that can contain both numeric and string values in SQL Server 2005?
What if analysis on multi dimensional cubes (OLAP)
Data model for a extensible web form
Database Schema Diagram Design Tool
Good strategy for leaving an audit trail/change history for DB applications?
How do you recommend implementing tags or tagging
One database or many?
Suitable E-R notation for introductory DB design course? Good/free diagram tools?
What is the best strategy for retainment of large data sets?
Query a union table with fields as columns.
When is a file just a file?
Database triggers
What are the advantages of using a single database for EACH client?
Database, Table and Column Naming Conventions?
Auto Generate Database Diagram MySQL