Hi, I posted this in the Installation forum, but thought it wouldn't hurt to ask Developers for their input as well if there is a solution to this via code (instead of via installation / configuration).
Context:
My client has an existing website (portal) where users login to do stuff.
The client wants people to access Prestashop ONLY after logging into that site, and ONLY from within that site. That is, John logs into Acme.com, and there is a link after logging in that he can click to redirect to our deployment of Prestashop.
Further, they do not want the Prestashop deployment to be "publicly" accessible by anyone. That is, you must log into Acme.com to access Prestashop.
We might choose to customize Prestashop and remove/disable the account registration/creation features (i.e. everyone does guest checkout). But the client is fine leaving that for now (i.e. let the maintain a separate user system for now; yes, I know it's a bad user experience!).
Question:
Is there any way, out-of-box, via configuration / setup, to achieve the requirements above? Namely, force Prestashop to be accessible ONLY after logging into another website, and from that website only (private to that site, not public).
I have not seen any single sign-on feature for Prestashop, and further not a lot of modules out there for SSO (we'd probably have to write our own). So without wanting to head down that path for now, we want to basically restrict access to Prestashop by forcing people to go through this other website.
Any feedback would be appreciated, thanks!!!