How to pass login credentials from foo.com to bar.com securely?

I have two websites https://www.foo.com and https://www.bar.com. bar.com is the actual application, but foo is where the clients would prefer applicants log in. Historically I have logged in at www.bar.com, but now wish to create a form on foo.com to login to bar.com that passes the login to bar.com securely. If there is an error with the info entered into foo.com, i'd like to redirect to bar.com.

[both sites are https]

I've got a form built for the clients, but certainly don't want to send passwords in clear text.

clarification The form is to be given to multiple clients that they will then put on their own page to login to the actual application. The clients are SaaS, that no longer want the company that "does all the lifting" to be what their c开发者_Python百科lients log into

It doesn't sound as though you need any complicated server-side solution for this. Just copy the form from bar.com to foo.com, and modify the action attribute of the form element to start with https://bar.com/. No other changes would likely be necessary, and this would be no less secure than logging in on bar.com directly.

You don't want to pass credentials between sites. This is inherently insecure. What you want is a single sign-on (SSO) solution that allows for centralized authentication and access control.

Read up on SSO:

http://en.wikipedia.org/wiki/Single_sign-on

CAS is a popular SSO, and there are many languages you can use.

If you make those two web sites http://www.foo.com and http://secondsite.foo.com then you could share a single login cookie between the two sites (rooted to "foo.com") and the user could freely go between the two sites, logging in on either one.

There are some javascript md5 encryption functions that can encrypt your password before sending it to http://bar.com/login. If you choose this method be aware those functions have mistakes and some of the generated hashes aren't right.

I would personally choose using ssl as this is the most secure way.