Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Single Sign On across multiple domains [closed]

Tags:

authentication

single-sign-on

Our company has multiple domains set up with one website hosted on each of the domains. At this time, each domain has its own authentication which is done via cookies.

When someone logged on to one domain needs to access anything from the other, the user needs to log in again using different credentials on the other website, located on the other domain.

I was thinking of moving towards single sign on (SSO), so that this hassle can be eliminated. I would appreciate any ideas on how this could be achieved, as I do not have any experience in this regard.

Thanks.

Edit: The websites are mix of internet (external) and intranet (internal-used within the company) sites.

like image 708
Pascal Avatar asked Sep 04 '08 19:09

Pascal

People also ask

How does SSO work across domains?

The SSO domain authenticates the credentials, validates the user, and generates a token. The user is sent back to the original site, and the embedded token acts as proof that they've been authenticated. This grants them access to associated apps and sites that share the central SSO domain.

What is multi-domain SSO?

About multi-domain support for SSO Access Policy Manager (APM) provides a method to enable users to use a single login or session across multiple virtual servers in separate domains.

What is cross-domain authentication?

Cross-domain authentication is a common approach in identity management that authenticates users for sites that run on different domains. ReachFive handles this even for browsers that block third-party cookies. Cross-domain authentication is much more streamlined when using SSO.

1 Answers

The SSO solution that I've implemented here works as follows:

  1. There is a master domain, login.mydomain.com with the script master_login.php that manages the logins.
  2. Each client domain has the script client_login.php
  3. All the domains have a shared user session database.
  4. When the client domain requires the user to be logged in, it redirects to the master domain (login.mydomain.com/master_login.php). If the user has not signed in to the master it requests authentication from the user (ie. display login page). After the user is authenticated it creates a session in a database. If the user is already authenticated it looks up their session id in the database.
  5. The master domain returns to the client domain (client.mydomain.com/client_login.php) passing the session id.
  6. The client domain creates a cookie storing the session id from the master. The client can find out the logged in user by querying the shared database using the session id.

Notes:

  • The session id is a unique global identifier generated with algorithm from RFC 4122
  • The master_login.php will only redirect to domains in its whitelist
  • The master and clients can be in different top level domains. Eg. client1.abc.com, client2.xyz.com, login.mydomain.com
like image 173
grom Avatar answered Oct 18 '22 19:10

grom
Sign in to Comment

Related questions

ASP.NET Core 2.0 authentication middleware
What are best practices for securing the admin section of a website? [closed]
How to redirect to a dynamic login URL in ASP.NET MVC
How to use pip on windows behind an authenticating proxy
How do I check whether this user is anonymous or actually a user on my system?
How does OpenID authentication work?
python request with authentication (access_token)
How to configure where to redirect after a log out in Django?
AngularJS: Basic example to use authentication in Single Page Application
SAML vs federated login with OAuth
How do I login and authenticate to Postgresql after a fresh install?
Get login username in java
Why use an API key and secret?
.NET Core Identity Server 4 Authentication VS Identity Authentication
Using PassportJS, how does one pass additional form fields to the local authentication strategy?
Symfony 2: How do I check if a user is not logged in inside a template?
Sourcetree remote: Invalid username or password
Salt and hash a password in Python
ASP.NET Core Web API Authentication
Laravel: Auth::user()->id trying to get a property of a non-object

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!