
Best solution for centralised user management system for multiple systems

Currently, we are running 2 web pages based on WordPress, a custom application built in JS (Hapi, Angular, Mongo), as well as a self-hosted GitLab repository and hosting based on ISP Config. Currently, a user who wants to use more than 1 service is forced to create multiple accounts.

What would be the best approach to centralize it assuming that we want:

  • a user to use the same credentials on each page
  • allow a user to log in using social login (Facebook, Google, Twitter) and still keep his single profile
  • centralize information about user services, usage and billing information (invoices)

We do not want to overcomplicate the solution; therefore, we don't want to centralize access management and obtain it from a centralized server. Each page/service will maintain it on its own (i.e. when a user makes a purchase in one of the WP sites (WooCommerce), WordPress itself will maintain the order and we will write custom code to report the sale to the centralized system for billing purposes).

We are currently considering using LDAP or Kerberos, what would suit better?

Secondly, how do we cover the part regarding social login? I assume that we should still allow users to register using OAuth2 and somehow synchronise the data between each service and the centralized system. Is there another way?

Dawid Adach asked Dec 20 '17 05:12



1 Answer

Your desires [correct me if I'm wrong]:

  • You have two apps that are essentially separate things.
  • These apps can be served from a web page via HTTP, and either don't have an auth system or need one revamped.
  • You want a centralized login system with social auth.
  • You have a single business entity.
  • You want a single, combined source of data for e-commerce.
  • You are essentially setting this up from scratch on the WordPress backend side, there is no current mixed ecosystem of users.

My thoughts: You DO NOT want LDAP or Kerberos. Those solutions are much too complex for this situation. You want a SINGLE WordPress install. You can easily set up the backend to answer to multiple domains. In other words, a single WordPress install can handle pages at "domain1.com" and "domain2.com" and render the pages with completely different headers and text to make them APPEAR as two sites. There is no reason to maintain two separate lists of users, because you want a single system to log in. Differentiate the users based on their business data, i.e. user1 has data "registered on SiteA", user2 has data "registered on SiteB" etc.

You can place your app into a WordPress page, then use is_user_logged_in() to firewall it behind WordPress. This is an industry-standard method of auth and extremely secure if set up correctly. Or if it's a data API, you can place it as an endpoint and leverage the exact same auth system.

Any of the major social auth plugins that are popular in the free .org repo should work out of the box with this method.

If you are going to associate blogging, that is, many "posts" about the products, and you want those blogs to be different ecosystems, with different sets of users, you are looking for WordPress Multi-Site. I don't think this is what you want. You don't sound like you are going to "blog". Or at least every page is going to be meticulously curated on these combined sites. So you're probably looking for just a single install to serve content to two domains. NOT MULTISITE.

You should use WooCommerce, simply because it is the most widely supported platform. Setup is 100% free.

You can easily serve pages that are branded totally differently, even in one install. For instance, one WordPress site can serve pages to two domains, and put different logos and headers on the top of the page to make them appear different. One physical machine can serve two domains.

Bottom line: You want a single WordPress setup on a single machine, serving two domains. The content and appearance on the domains can be different at will. Use any popular social auth plugins in the .org repo to firewall the apps.

John Dee answered Oct 20 '22 01:10
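
One way to apply the is_user_logged_in() gate described in the answer above, for both a page that hosts the app and a data API endpoint. This is an added example, not part of the original answer or any plugin's code; the page slug "app", the REST namespace "myapp/v1", the route "/usage" and the meta key "myapp_usage" are hypothetical.

```php
<?php
/**
 * Plugin Name: App Login Gate (added example)
 * Hypothetical names: page slug "app", REST namespace "myapp/v1", route "/usage".
 */

// 1. Page gate: anonymous visitors to the page hosting the app are sent to
//    the WordPress login form and returned to the page after authenticating.
add_action( 'template_redirect', function () {
    if ( is_page( 'app' ) && ! is_user_logged_in() ) {
        auth_redirect(); // sends the redirect and exits
    }
} );

// 2. API gate: the same check, enforced server-side on every request.
add_action( 'rest_api_init', function () {
    register_rest_route( 'myapp/v1', '/usage', array(
        'methods'             => 'GET',
        'permission_callback' => function () {
            if ( ! is_user_logged_in() ) {
                return new WP_Error(
                    'rest_forbidden',
                    'Authentication required.',
                    array( 'status' => 401 )
                );
            }
            // Being logged in is authentication only; require a capability too.
            return current_user_can( 'read' );
        },
        'callback'            => function ( WP_REST_Request $request ) {
            // Scope data to the session's user, never to an ID from the request.
            $user_id = get_current_user_id();
            return rest_ensure_response( array(
                'user_id' => $user_id,
                // Hypothetical meta key holding this user's usage record.
                'usage'   => get_user_meta( $user_id, 'myapp_usage', true ),
            ) );
        },
    ) );
} );
```

With cookie-based login, WordPress treats a REST request as anonymous unless it carries a valid nonce for the wp_rest action (for example in the X-WP-Nonce header), so a front end calling this endpoint must send one.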