Share ideas, ask questions, and get feedback about developing for ProcessMaker
Forum rules: Please post new questions under "Developing processes & programming" for ProcessMaker 2 or 3.
By nsoonhui
#1566
I am thinking about using ProcessMaker as a SaaS workflow application, in which each company gets a unique URL and the users just log in with their credentials. In my application, there are 3 groups of users:
  • Administrators
  • Inside users
  • Outside users
My task now is to create an external application that handles the registration and authentication of outside users.

The outside users group is different from the other two groups. Both the Administrator and inside users groups are "localized" in each company, meaning that "AdminA" in companyA.mysoft.com and "AdminA" in companyB.mysoft.com can be different users.

But for the outside users group, they should be shared across all companies. This means that "outusers" in companyA.mysoft.com and companyB.mysoft.com must be the same person. This is because the Outside users group member can join multiple companies, and hence their username must be kept the same.

This is why I need to create an external application just to handle the registration and authentication of outside users.

My thought is that I will create an external database that holds the Outside users group information. When a new Outside users member is created, I will attach him to company A in my external database, and create an entry for that user in the companyA db in ProcessMaker, with exactly the same username and password. If later he wants to join a new company, my script will add him to companyB db in ProcessMaker.

There will be data redundancies in this case, but is it a big problem? What about the chances of data corruption?

Or should I just modify the ProcessMaker application to support this situation? Here are some of the areas that must be changed, and possibly I need help as well:
  • When a user profile is viewed, instead of just querying the company db, the logic must be modified so that the app first checks what the group of the user is, and pulls the data from the external application if he's an outside user.
  • Authentication code at the model layer must be changed. When an outside user logs in via my external application, I will verify the user and pass the logon credential to ProcessMaker. This means that ProcessMaker must now handle external credentials.
  • Careful changes must be made to the web services supported so as not to introduce a security hole.
What do you think? If I do make modifications, I also want to make sure that I can give the code back to the community so that other people can benefit from it.
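A reconciliation check for the replicated outside-user records described in the post above, as an added example that is not part of the thread and does not use ProcessMaker's schema or API. The table, column and function names are hypothetical and the sample users are constructed; in-memory SQLite databases stand in for the external database and the per-company databases.

```python
import hashlib, hmac, os, sqlite3

# Hypothetical schema: one central store of outside users plus one db per company.
def hash_password(password):
    """Salted PBKDF2 hash; only this string is copied to company dbs, never the password."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return f"{salt.hex()}${dk.hex()}"

def new_db(*schema):
    db = sqlite3.connect(":memory:")
    for stmt in schema:
        db.execute(stmt)
    return db

def new_central():
    return new_db("CREATE TABLE outside_users (username TEXT PRIMARY KEY, pw_hash TEXT)",
                  "CREATE TABLE memberships (username TEXT, company TEXT, UNIQUE(username, company))")

def new_tenant():
    return new_db("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT, grp TEXT)")

def register(central, username, password):
    central.execute("INSERT INTO outside_users VALUES (?, ?)", (username, hash_password(password)))

def join_company(central, tenants, username, company):
    """Record the membership centrally, then copy the record into that company's db."""
    (pw_hash,) = central.execute(
        "SELECT pw_hash FROM outside_users WHERE username = ?", (username,)).fetchone()
    central.execute("INSERT INTO memberships VALUES (?, ?)", (username, company))
    tenants[company].execute("INSERT INTO users VALUES (?, ?, 'outside')", (username, pw_hash))

def find_drift(central, tenants):
    """Compare every company copy with the central record; return sorted findings."""
    expected = dict(central.execute("SELECT username, pw_hash FROM outside_users"))
    members = set(central.execute("SELECT username, company FROM memberships"))
    findings = []
    for company, db in tenants.items():
        copies = dict(db.execute("SELECT username, pw_hash FROM users WHERE grp = 'outside'"))
        for user, pw_hash in copies.items():
            if (user, company) not in members:
                findings.append((company, user, "orphan copy"))      # never provisioned centrally
            elif not hmac.compare_digest(pw_hash, expected.get(user, "")):
                findings.append((company, user, "hash mismatch"))    # changed in one db only
        for user, comp in members:
            if comp == company and user not in copies:
                findings.append((company, user, "missing copy"))     # provisioning did not land
    return sorted(findings)
```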
#2891
Very interesting,
nsoonhui wrote:
  • When a user profile is viewed, instead of just querying the company db, the logic must be modified so that the app first checks what the group of the user is, and pulls the data from the external application if he's an outside user.
You should change the PHP pages for user info, but that will be overwritten when you update PM. Another alternative is to populate the user table in PM with the data you have in your external database.
nsoonhui wrote:
  • Authentication code at the model layer must be changed. When an outside user logs in via my external application, I will verify the user and pass the logon credential to ProcessMaker. This means that ProcessMaker must now handle external credentials.
Now you can do it; check class.ldap.php in the rbac plugins directory. The LDAP authentication is a plugin model for any other authentication model.
nsoonhui wrote:
  • Careful changes must be made to the web services supported so as not to introduce a security hole.
I agree. If you find a security hole, please let us know, and we can check it.
