This is my first blog for GSoC 2009. It's kinda a bit late compared to the other 17 students. :) I had a school event that I needed to attend at the end of May, so I could only start on June 3rd.

First of all, this integration project is really challenging, I have to say. Integration between two systems using cURL is something obvious and has already been done by folks, so I'd like to take this J!Mint a step further. Luckily I have some experience with Magento, so that didn't hold me back much. However, coming up with a solution for SSO took me quite a while of learning and trying out new stuff.

Features :
- Cross-domain SSO, which means that we still have two separate systems running, a Joomla site and a Magento site.
- Once the user logs in to the Joomla site, he'll have access to Magento as well. <-- which means if the logged-in user opens another tab and browses the Magento site, he must still be logged in automatically.

- After the user has logged in on the Joomla site, he can go to the Magento site to shop as usual!

- This SSO solution is not about displaying Magento logged-in content on the Joomla site using cURL yet.

Difficulties :
- This cannot be done using only cURL, like I thought before in May.

- Needed to make use of iFrames. Cross-domain issue solved.

- Security issues arise when redirecting the login info to the Magento login form.

Work :
- I've done extensive searching and learning on cURL, and Ajax cross-domain communication using Flash / iFrame / Proxy / Hacks / On-demand Javascript. After trying out different techniques, and considering the pros & cons, I came up with a "no-hack" solution using iFrame & a simple proxy on the Magento site.
- I'm working hard on it and hopefully can release the Beta version of the SSO plugin by July 1.
- The integrated backend template of Magento into that of Joomla should come along soon, as planned by July 15.

Below is the table specifying which types of users are supported by this SSO plugin.

 

 

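Rights to SSO to:

| # | User Type | Joomla Front-end | Joomla Back-end | Magento Front-end | Magento Back-end |
|---|-----------------|-----|-----|-----|-----|
| 1 | Customer        | -   | -   | Yes | -   |
| 2 | Front-end Staff | Yes | -   | -   | Yes |
| 3 | Back-end Staff  | Yes | Yes | -   | Yes |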

 

The following flowchart shows how the login mechanism takes place for the user type of Customer. The login process for other user-types should follow the same process with slight modifications. 

 

I basically use two iframes on the Joomla site:

1. One iFrame used to post credentials to the Magento login form. (3) & (4)

2. The second iFrame (5) & (6) is used to verify whether the login process has been successful or not. The trick is that this iframe opens the proxy on Magento, and this proxy checks if the current user is logged in by simply trying to open a fixed link on Magento that is supposed to be accessible by logged-in users only. If the user is logged in, then this proxy redirects itself to a page on Joomla, informing Joomla of the status of the user. Since the proxy has been redirected back to a page on the Joomla site, the iframe is accessible by Joomla, and it doesn't violate the cross-domain rule. No hacks whatsoever. If the proxy is not redirected back to the Joomla site, this iFrame is not accessible by Joomla --> indicating this user is not logged in.
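
The accessibility check from step 2, sketched as an added example (this is not the plugin's code). The origin, callback path and function names are assumptions, and `fakeFrame` is a constructed stand-in for an iframe element so the check also runs outside a browser.

```javascript
// Assumed values for illustration only; the post does not name them.
const JOOMLA_ORIGIN = "http://joomla.example";   // placeholder Joomla origin
const CALLBACK_PATH = "/sso/status.html";        // hypothetical page the proxy redirects to

// Returns "logged-in", "not-logged-in" or "pending" for the verification iframe.
function readSsoStatus(frame, expectedOrigin = JOOMLA_ORIGIN) {
  let href;
  try {
    // While the iframe still shows a Magento-origin document, the browser's
    // same-origin policy makes this read throw.
    href = frame.contentWindow.location.href;
  } catch (err) {
    return "not-logged-in";
  }
  // A frame that has not navigated yet is readable but proves nothing.
  if (!href || href === "about:blank") return "pending";
  let url;
  try {
    url = new URL(href);
  } catch {
    return "not-logged-in";
  }
  // Being readable is not enough: require the exact callback page on our origin.
  if (url.origin !== expectedOrigin || url.pathname !== CALLBACK_PATH) {
    return "not-logged-in";
  }
  return "logged-in";
}

// Constructed stand-in for an <iframe>: a cross-origin frame throws on read.
function fakeFrame(href, crossOrigin) {
  const location = {};
  Object.defineProperty(location, "href", {
    get() {
      if (crossOrigin) throw new Error("SecurityError: cross-origin frame");
      return href;
    },
  });
  return { contentWindow: { location } };
}
```

The result only reflects what the browser loaded, so it is suitable for updating the page, not as proof of authentication to the Joomla server.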

 

Demo :

Joomla site: http://www.hateit.net/login/

Magento site: http://www.iamtotti.com/server/shop/

The demo login is provided on the Joomla site.

Compatibility :

- Tested on FF 3, IE 7 (protected-mode-Off), Opera 9.2, Chrome 2, and Safari 4.

Release :

- This is not even an alpha version yet, just a quick and dirty module on Joomla to test. I'm working on making it an Ajax plugin.

 

Looking forward to hearing comments from you :)

 

Anh