So, I have over the last few months been playing around with various CMSs (mainly Drupal, Tiki Wiki CMS/Groupware, and WordPress) and have found they each want to have their own users table with their own user accounts etc.

I was hoping to find a way to have a CMS agnostic repository where the respective system can pull authentication info. I assumed that this would require some variety of abstraction layer for each system (in the form of a plug-in, module, etc).

I ran into this because I was using Tiki Wiki CMS/Groupware for a while there and ultimately decided that I wanted to move onto something else (switching to Drupal). I have a few friends that have used this early version of my site and I am annoyed that the users will go away with the system. Feels like throwing the baby out with the bath water. I want the system replaced, not the users. I don't want to run into a similar situation with a larger community of users.

I have looked around and found myself a bit overwhelmed and lost in the woods. From what I can tell, operating as an OpenID host would be perfectly fine (these systems seem to readily support this). However, I don't want the users to have to click the whole "log in with Open ID" thing in order to log in. I read a little about a system called Shibboleth (http://shibboleth.net/about/index.html), but found myself buried in background documentation and decided I wanted to avoid investing so much time into something I am not even sure is what I am looking for. I also looked at JanRain (http://janrain.com/products/engage/engage-pricing/) and found that it appears to be around-ish what I am looking for (I think), but has some pretty steep prices for larger sets and doesn't give me API access without PRO ($1000/year). I was more or less hoping for an open source equivalent (avoids costs, lets me into the details, minimizes 3rd party dependencies), and figured that it must exist, I must just suck at finding it.

Short Versions (TLDR):
Need:
  • Users within my website ecosystem to be able to use the same user name / password automatically, i.e. a user can go to my main site (www.sample.com), any of its subdomains, and a completely different domain (www.othersample.com) and be able to log in using the same account.
  • For users that are already registered with my "ecosystem", login should feel "normal" (i.e. they shouldn't have to click on "login with OpenID" or something). They enter their user name, then their pass, and they go.
Would Also Like:
  • Users to be able to skip the need to log in if they are already logged in (single sign-on). (From what I understand this is only realistic within the context of a particular domain and its subdomains, which is fine).
  • Users should be able to "login with Facebook / Google / Yahoo" or the like. From what I understand, this is more or less just a shortcut to info for the site anyway (goes and fetches information from Facebook or wherever to make filling in the user data quicker for the user).
Notes:
  • I take it as a given that some level of configuration would have to be done for each subdomain and alternate domain to "bring it into the fold."
  • My main target system for this at this point is Drupal, and to be able to access using proprietary systems.
  • It seems like this sort of thing should already exist, and wanted to check with people who know what they are talking about before going off and coming up with some kind of proprietary solution.
A little background:
My Abilities: I am a college student and come from a more or less classical programming background using C++/Java/VB. I have been moving into web development because that seems to be "where it is at". So, I have become fairly proficient in HTML/CSS/PHP.