Designing a single sign on / CAS interface

I am creating a SaaS that will allow users to interact with it via their web applications. I would like to create a CAS type login mimicking Fa开发者_运维百科cebook connect so when you click the 'Login' button on the users website it will popup a window for you to login with my SaaS credentials.

I do not want the SaaS users site to be able to access the users login credentials so this is why I thought of CAS. However, it doesn't look like Facebook Connect redirects to the CAS server. It looks like they just popup a window to the facebook login then create a cookie once the user successfully logs into facebook. How then does the Facebook Connected site access that cookie?

I am wanting to basically be able to keep the end user on the current website without being redirected to my login application. I would like to mimic what facebook does with just popping up a little window and have them login then refresh the page after they login but I am not sure how to go about this.

Any ideas?

Facebook uses a third party cookie: they set a cookie on your domain that you can access to get the necessary credentials.

EDIT: the easiest example would be to look at PHP's setcookie function. Notice that there is a domain parameter. If you change the domain to match the domain of the actual website that initiated the authentication action then you'll be able to set a third-party cookie.

Note that on IE there are certain headers the domain that initiated the authentication action needs to set to allow your third-party cookie to be set. See http://www.spamcollect.com/archives/33 for a short writeup of how that works.

If you are working in a different language you'll need to use whatever cookie management functions they offer.

Another option may be to do this with CAS programmatically using the REST client.

https://wiki.jasig.org/display/CASUM/RESTful+API

In this way you could take the users details and login to CAS without being redirected.

Facebook uses Cross Domain communication which is what I will be using.