Hope this is not too broad but after a lot of googling I am not sure where to start. I am looking for a introductory/noob overview to help me get started on building an authentication implementation for a rails 3 application.

Basic technical requirements:

• Rails 3 application is hosted on third party service (heroku)
• Need to use specific external private SSO service to authenticate users.
• No local user database or model in the rails application.
• Authentication is token based meaning that there is a special cookie that needs to be read passing back token to SSO server (not rails based).
• I have no control over the SSO server or infrastructure.
• Trust of the SSO server is implicit and do not want to maintain local database of users, passwords, or sensitive information. User info only exists during session and the SSO server is authoritative.
• Session token info is cookie based and lives for the duration of the browser session.

I am looking for basic example/tutorial/strategy/explanation of how the process would work in rails with the above setup. I would like the process to be seamless for user with workflow that basically looks like this:

• Navigate to rails app -->
• redirect unauthenticated users to SSO server -->
• login and authenticate via remote SSO server -->
• callback/redirect to rails app -->
• capture user info passed back from SSO server and load protected resources in rails app

Strategy is completely custom using a private SSO resource and does not use a well published auth mechanism (in other words not Facebook, Google, Twitter, OAuth, etc).

Any help on terminology, coherent tutorials, examples would be appreciated.

Edit/Update:

To be more specific I am also looking for good documentation how to create an omniauth custom developer strategy. Some tutorial that goes through the kind of code required to talk to an arbitrary SSO server, read a token out of a cookie, and complete the authentication handshake and callback/redirect.

This isn't really an answer but I'm posting this because a comment just wouldn't do. I don't know of any comprehensive guides so here's what I'd suggest you do:

1. Learn how Omniauth works. There's a great Railscast about authentication using Twitter. It's really simple and it will get you in the flow of the thing.

2. Build your own Omniauth strategy. Go to the list of Omniauth Strategies and scroll to Developer Strategies. In that table, choose the strategy you can use to connect to your SSO server.

Ideally, you'd be able to use OAuth2 and there are a couple of guides that talk about implementing your own OAuth strategy:

1. Custom OAuth 1.0 strategy to connect to Rdio
2. Custom OAuth 2.0 strategy by Intridea (the creators of Omniauth)
3. Custom OAuth 2.0 strategy to connect to Force.com by Heroku

But since you can't, just give a quick look at those guides. Without any specifics it's kind of hard (for me) to give any more help, but hopefully someone else will fill in the details.