Well, I've looked at the autologin plugin, and have modified it like so:
<?php
class sso extends rcube_plugin {
public $task = 'login';
function init() {
$this->add_hook('startup', array($this, 'startup'));
$this->add_hook('authenticate', array($this, 'authenticate'));
}
function startup($args) {
$rcmail = rcmail::get_instance();
// change action to login
if (empty($_SESSION['user_id']) && !empty($_GET['_autologin']))
$args['action'] = 'login';
return $args;
}
function authenticate($args) {
if (!empty($_GET['_autologin'])) {
$args['user'] = $_POST['user'];
$args['pass'] = $_POST['password'];
}
return $args;
}
}
I've enabled the plugin in my roundcube config. I then call it from Javascript from the login page of the other web app:
I don't get any errors, and firebug shows that the post request went OK, but I am definitely not logged in to roundcube.
As you can see, I am using CORS to handle the cross-site ajax request.
Any ideas on where the problem might be, or some good debugging steps?