Best Single-Sign-On practices for large organization
I'm currently working on several IT projects for a large organization (100k+ members). I'm thinking of providing some kind of unification and integration of all websites that I'm designing.
So my question is, what are the best practices for such integration?
I'm using mainly two PHP-based engines: WordPress and Q2A.
What I would like to achieve:
Provide Single-Sign-On (SSO) for all websites managed by me.
Exchange information between pages, something like user's top-bar on StackExchange
Provide an SSO plugin for WordPress (there are a lot of sub-organizations in this organization, most of them have simple WordPress-based webpages; I would like to provide them with a plugin that allows users to log in via unified SSO).
So what are the best practices? Is the SSO mechanism itself powerful enough to achieve that or should I look for some modification of it?
1 Comments
There are two widely used single sign on protocols:
OpenID
OAuth
From a technical perspective the biggest difference is that your site has to pre-register with the OAuth server. The OAuth provider will give your site a token that it must send when you want to log in a visitor. OpenID requires no previously arranged relationship.
It appears that OAuth is the better choice nowadays. Facebook has always supported only OAuth login for single sign-on. Google used to support OpenID, but has since implemented OAuth and started to deprecate OpenID.
StackExchange took the approach of writing their own OpenID server or allowing you to choose from third-party providers. There is a lot less user confusion if you support only one single sign-on provider. It could be your own, or you could just use Google.
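The pre-registration the answer describes, as an added PHP example (not code from the post or from any particular provider): in OAuth 2.0 the provider issues a client identifier at registration, and the site sends it, together with the exactly registered redirect URI and a one-time `state` value, when it redirects a visitor to log in. The endpoint URL, client ID, redirect URI and the `sso_*` function names are placeholders assumed for illustration.

```php
<?php
// Placeholders (assumptions): values the provider would issue or record at registration.
const SSO_AUTHORIZE_URL = 'https://sso.example.org/oauth/authorize';
const SSO_CLIENT_ID     = 'wp-site-placeholder-id';
const SSO_REDIRECT_URI  = 'https://site.example.org/sso/callback';

// Build the login redirect and store a one-time state value in the session.
function sso_build_login_url(array &$session): string
{
    $state = bin2hex(random_bytes(16));   // unpredictable, bound to this browser session
    $session['sso_state'] = $state;
    return SSO_AUTHORIZE_URL . '?' . http_build_query([
        'response_type' => 'code',
        'client_id'     => SSO_CLIENT_ID,
        'redirect_uri'  => SSO_REDIRECT_URI, // must match the registered value exactly
        'state'         => $state,
    ]);
}

// Validate the provider's callback; returns the authorization code, or null if rejected.
function sso_check_callback(array $query, array &$session): ?string
{
    $expected = $session['sso_state'] ?? null;
    unset($session['sso_state']);            // state is single-use, even on failure
    $given = $query['state'] ?? null;
    if (!is_string($expected) || !is_string($given)) {
        return null;                         // no login was started from this session
    }
    if (!hash_equals($expected, $given)) {
        return null;                         // callback not tied to this session (CSRF)
    }
    if (isset($query['error'])) {
        return null;                         // provider reported a failed or denied login
    }
    $code = $query['code'] ?? null;
    return (is_string($code) && $code !== '') ? $code : null;
}

// Demo with a constructed session and constructed callback parameters.
$session = [];
$url = sso_build_login_url($session);
parse_str(parse_url($url, PHP_URL_QUERY), $sent);
// Callback carrying a state the site never issued is rejected.
var_dump(sso_check_callback(['state' => 'forged', 'code' => 'abc123'], $session));
$url = sso_build_login_url($session);
parse_str(parse_url($url, PHP_URL_QUERY), $sent);
// Callback carrying the issued state is accepted and the code is returned.
var_dump(sso_check_callback(['state' => $sent['state'], 'code' => 'abc123'], $session));
// The same callback replayed fails because the state was already consumed.
var_dump(sso_check_callback(['state' => $sent['state'], 'code' => 'abc123'], $session));
```

The returned code is then exchanged server-side for a token, which is where the site authenticates itself with the secret it received at registration.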