On our network (a group of related websites - not a LAN) we have a common authentication system which works like this:

• On a network site ("consumer") the user clicks on a login link
• This redirects the user to a login page on our auth system ("RAS").
• Upon successful login the user is directed back to the consumer site. Extra data is passed in the query string. This extra data does not include any information about the user yet.
• The consumer site's backend contacts RAS to get the information about the logged in user.

So as you can see, the consumer site knows nothing about the authentication method. It doesn't know if it's by username/password, fingerprint, smartcard, or winning a game of poker.

This is the main problem I'm encountering when trying to find out how I could write custom authentication plugins for these packages, acting as consumer sites:

• Wordpress
• Joomla
• MediaWiki

For example Joomla offers a pretty simple auth plugin system, but it depends on a username/password entered on the Joomla site.

Any hints on where to start?