On our network (a group of related websites - not a LAN) we have a common authentication system which works like this:
On a network site ("consumer") the user clicks on a login link
This redirects the user to a login page on our auth system ("RAS").
Upon successful login the user is directed back to the consumer site. Extra data is passed in the query string. This extra data does not include any information about the user yet.
The consumer site's backend contacts RAS, with this extra data, to get the information about the logged in user (id, name, email, preferences, etc.).
So as you can see, the consumer site knows nothing about the authentication method. It doesn't know if it's by username/password, fingerprint, smartcard, or winning a game of poker.
This is the main problem I'm encountering when trying to find out how I could write custom authentication plugins for these packages, acting as consumer sites:
Wordpress
Joomla
MediaWiki
For example Joomla offers a pretty simple auth plugin system, but it depends on a username/password entered on the Joomla site.
Any hints on where to start?