We are in the process of investigating including our implementation of the aspdotnetstorefront site within a single sign scenario (.NET SSO and Claims based STS). Our current 'store' itself does not use credit card information for purchase therefore therefore security compliance is less of an issue.
Our issue is with the fact that aspdotnetstorefront requires the User.Identity.Name to be a guid and our other websites, including a Community Server installation has this property set as the username string.
As the code which fires the Authenticate_Request method is located in the encrypted ASPDNSFApplication.dll (AspDotNetStorefront.Global.Application_Authentica teRequest) we are currently unable to investigate how the guid is set nor are we able to come up with any workarounds to allow SSO integration. We have tried to include a custom Authenticate_Request method however we are currently unable to prevent the default method from firing. Our ideal scenario is that we have User.Identity.Name set as a standard username string and apply some other logic that converts to a guid where the store code requires it.
If anyone has come across this issue or could provide any help on this matter that would be great.