: Single Sign on across Websites I have three different websites that I run on three distinct top level domains. I would like to be able to have users log into any one of them and then be
I have three different websites that I run on three distinct top level domains. I would like to be able to have users log into any one of them and then be automatically logged into all three. As an additional requirement I'd like the user to be able to use my own login system or a third party system of their choice (eg. Facebook).
Can anyone point me to clear documentation on a "standard" way to do this? Everything I've read suggests trying to write my own solution would be a bad idea. SAML seems to one possible direction to go, so I tried playing with SimpleSamlPhp, but I haven't been able to wrap my head around that (better examples than what they have in their documentation might help).
So what is the best way to accomplish this?
More posts by @Sent6035632
4 Comments
Sorted by latest first Latest Oldest Best
Another way of setting up SSO is to use something like Central Authentication Service, originally from Yale.
This can allow automatically signing in to a site without an authorisation step at each site; your users would sign into the CAS server once, and be authenticated on all sites when they visit them.
There are pre-written modules for most languages, and several content management systems can use CAS for SSO.
You should be able to share Logins across multiple domains by:
Sharing the Database (User Details Only)
Sharing Cookies
To do it this way it requires a lot of coding and far to much variables to give you an exact use this code but you should be able to do some little research on Sharing Cookies Cross Multiple Domains hosted on Different Servers. There's actually lot of sites with detailed information how this can be achieved which seems your best route if you want to avoid confirmations etc.
A friend of mine started a company called CryptoKey which is taking the approach of generating personal security certificates for user that can be installed into most web browsers. I tested it, and it does not require the confirmation step to let a website see and verify your identity. So after installing their authentication, users would just be logged into all of your sites.
The drawback to this system is that it is much harder for users to get their certificate installed, than it is for them to just create a password.
I would suggest using Open Id for single sign on. It is the most widely supported.
Users can log in with their Google or Yahoo accounts. This page has a list of some of the biggest account providers for open id. You can also create your own Open ID provider the way that StackExchange does.
There are two drawbacks to it:
Facebook doesn't support it. If you want to let users log in through facebook too, you'll need to also implement facebook single sign on.
You can't automatically log the users into your three sites. Your users will have to approve each site separately. The approval only needs to be done once per site. Once they have approved the login per site, you can redirect them to the login page and it will bounce them right back with credentials. This is the same as the StackExchange sites work, where you have a single login, but you have to approve each stack site separately.
I limit users logging into my site to only using their Google account. I've found that fewer users get turned off by having to log in with Google than get turned off by the choice paralysis when presented by options. Have a single login link on my page that just takes them to Google makes the login flow much simpler and easier for my users.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.