
Strategy for automatically logging in a user from an external website

8 years 8 months ago #288962 by STUCKSHUTTER
Is there a way that a registered user can be logged in from an external web page without having to enter their Joomla login info?
We have an external corporate site where a login is required and it authenticates the user. The goal is to have the user click a button on that site and automatically log them in to the CB powered site without their having to enter any login info.
It's a little like the idea of logging in using Facebook but even simpler and without any action on the part of the user.
I know it's a stretch but if anyone knows how to do this, it'll be you guys.
thanks for any suggestions.
Best regards


8 years 8 months ago #288963 by krileon
There's a Login / Logout action within CB Auto Actions. If you supply a username, but no password, it'll log them in bypassing password validation. This can be dangerous if you do not secure your usage. To secure your usage you should have some sort of authentication token that you can safely validate. I really don't recommend doing this though, as without a true OAuth or OpenID exchange it's going to be pretty hard to determine the URL actually came from that user. I guess one simple way to do this is as follows at the bare minimum.

1. Secure the URL with a token. The token could be an md5 of the username + a secret key only known to you.
2. Secure the URL with a timestamp. This should be a timestamp string of the time the button was rendered (or ideally button should redirect to an internal URL that adds the token and timestamp then sends them to the action url). For added security go back to step 1 and also md5 the timestamp.
3. Your timestamp should be conditioned to ensure the login is happening within say 30 seconds of the button being clicked (this means the current URL essentially becomes expired afterwards).
4. Your auto action should condition for the token and compare it to an md5 of the username in the URL and of your secret key (use format functions for this). If you added the timestamp to the token be sure to include it here as well.

I strongly advise you to just make them do the responsible thing and type in their username and password normally after being redirected to CBs login page. It may inconvenience them for a few seconds for the sake of significant security gains.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.


8 years 8 months ago #288965 by STUCKSHUTTER
Hi Krileon,
Thank you for the fast and in-depth response and suggestions. This will help us come up with a strategy that is reasonably secure. And I certainly agree the minor inconvenience of logging in, especially with an automated password manager, is trivial when compared to the nightmare of being hacked.
Just ask the DNC....
Thank you again for your help.
The following user(s) said Thank You: krileon


Moderators: beatnant, krileon
Powered by Kunena Forum