When signing up with GameCreate.com, you created a user account that became the owner of your domain. Other people may also sign up for accounts at GameCreate.com so that you can grant those people permission to access your domain (or parts thereof). Each person with permission on your domain maintains an account on GameCreate separate from any user account system you may have on your web site.
Enter external user authentication: you can configure GameCreate.com so that instead of authenticating your domain's users against GameCreate.com's own account system, it will instead authenticate with your user account system. This chapter explains how to configure GameCreate's external user authentication mechanism.
Create an Authentication Web Service
To enable GameCreate to authenticate against your user account system, there must be a way for GameCreate to make such requests. For this purpose, you must create a web service. If web services are new to you, ![[WWW]](/wiki/gamecreate/img/moin-www.png){kind=small}
http://webservices.xml.com/pub/a/ws/2001/04/04/webservices/ may be a useful introduction. There are many more resources available via your favourite search engine.
The web service you are going to build will need to make the following information available about users:
Unique ID: A (typically numeric) identifier for the user. This identifer must never change; so if your users are permitted to change their username, the username is not a suitable unique identifier.
Name: The user's name.
User Name: The username supplied by the user to login to your account system.
Email: The primary contact address for the user.
The web service must support the following operations:
User Login: GameCreate supplies a username and password. If valid, the web service must return the Unique ID, Name, and Email of the user.
Retrieve User by Unique ID: GameCreate supplies a Unique ID it has previously stored from your account system. The web service returns the current Name, Username, and Email for the ID.
Search Users by Name: GameCreate supplies a name (or a part there of). The web service returns a list of Unique ID, Name, Username, and Email for users whose name partially matches.
Search Users by Email: GameCreate supplies an email address (or a part there of). The web service returns a list of Unique ID, Name, Username, and Email for users whose email address partially matches.
Search Users by Username: GameCreate supplies a username (or a part there of). The web service returns a list of Unique ID, Name, Username, and Email for users whose username partially matches.
Get User by Name: GameCreate supplies a full name. If there is a user with the supplied name, the web service returns the matching user's Unique ID, Email, and Username.
Get User by Email: GameCreate supplies a full email address. If there is a user with the supplied email address, the web service returns the matching user's Unique ID, Name, and Username.
Get User by Username: GameCreate supplies a full username. If there is a user with the supplied username, the web service returns the matching user's Unique ID, Name, and Email.
To protect the privacy of your users, GameCreate defaults to showing only the name of users retrieved via your web service. You may optionally configure GameCreate to display usernames and/or emails when giving permissions to users.
The "User Login" and "Retrieve User by Unique ID" operation are required for the normal use of the GameCreate site. The remaining operations are required only when assigning permissions to users. GameCreate only stores data for users who have been given permission to access GameCreate.com or who have created one or more temporary servers.
For GameCreate to interact with the web service, a common interface must be followed for the two systems to communicate. The user authentication WSDL can be downloaded here: http://www.gamecreate.com/files/ExternalAuthentication.wsdl . The web service you implement must follow that definition.
Example
We have created an external authentication example implementation using PHP for a phpBB database. It demonstrates accessing a user table and returning the appropriate data. This can easily be modified to integrate with any user account system.
This can be found at http://www.gamecreate.com/downloads.php
Configure GameCreate for external authentication
Once the authentication web service has been written, GameCreate must be configured to use it. Click the Domain tab and then click Authentication. Enter the HTTP URL at which your web service is located and click Next.
GameCreate.com will now request that you enter your username and password on your account system. The entered values will be tried using the web service. Besides providing a useful test case to ensure your web service is working, this also identifies your account via the web service.
GameCreate will then identify all users who have one or more permissions on your domain, or one or more temporary servers. You will need to tell GameCreate, one user at a time, which account on your system is for that user. Users can be searched for by name, username or email. Alternatively, you can ask GameCreate to drop a user so that they will no longer have permissions.
Once all current users have been identified on your account system, GameCreate will proceed to update its records so that your domain uses the web service for authentication.
GameCreate authentication and External Authentication do not mix
Once you have converted your domain to use the web service for authentication, all user accounts created at GameCreate.com will cease to function (including your own). Users will need to use their username and password on your account system.
In particular, this means that your web service needs to always be accessible. If it is not, it will not be possible to log in to GameCreate.
Reverting to GameCreate authentication
If for some reason you no longer wish to use external authentication, you may revert back to using GameCreate's account system. The process is much the same as when converting to external authentication: click the Domain tab and then click Authentication. For each user, you will be required to either identify the appropriate account in GameCreate's system, or drop the user. Once all users have been identified, your domain will be switched to GameCreate's account system and the web service will no longer be used.