I’m trying to code an SSO between Joomla and my CakePHP (1.3) app. Users should be able to log into Joomla, click a link to go to the CakePHP app and be logged in with the same user.
In my users_controller, I have an action called ‘joomlalogin()’ where I read the Joomla session variables, check to see whether the Joomla user already exists in my CakePHP app, and create the user if not. This all works.
The issue is that I can’t seem to manually log the user in using Auth->login(). I tried passing a full user, tried passing the user_id. The function returns ‘true’ but as soon as I go to the next page, the login seems to have failed. Here’s one version of the code:
    // Look up the CakePHP user linked to the current Joomla user id
    $existing_user = $this->User->find('first', array(
        'conditions' => array('User.joomla_userid' => $joomla_user->id)
    ));
    // Log that user in manually through the Auth component
    if ($existing_user && $this->Auth->login($existing_user)) {
        $this->Session->setFlash('You have successfully logged in.');
        //debug($this->Auth);
        $this->redirect('/users');
    }
The flash message appears, the redirect happens but it immediately gets redirected to the (regular non-sso) login form because the ‘/users’ is not allowed for anonymous users.
Why is Auth->login() returning ‘true’ if the user is not really logged in? When I look at Auth->User(), it contains the correct user data, everything indicates the user is logged in until the redirect happens. Any idea what could be the cause of this or what I am doing wrong?
I sort of found the cause. The issue had something to do with the inclusion of the Joomla files (to access the Joomla session data & user). If I try to log the user in using a function where these files are not included, it does work. Some of the code that screwed it up was: