SSO Handler managing login for one site with multiple Domains?

Previous topic

Developer

Next topic

Author	Message
Rene Hrdina	Monday 09 August 2010 5:49:55 am Hi Everyone, following scenario: We got a website running that is accessible via multiple domains. The Problem is that when a user logs in at www.domain1.com he's not logged in at www.domain2.com. So i guess we'll have to implement a Single Sing On Handler. Since i can not just read the cookie created on www.domain1.com when the user visits www.domain2.com we'll have to come up with a more sophisticated solution. Has anyone ever created a solution for such a problem and would share some ideas regarding this topic with me ? I'd appreciate any tips, hints and ideas on how to implement such a SSO. regards
Andrew Duck	Monday 09 August 2010 6:17:42 am Hi Rene, Yes you are correct that a single signon handler would be a good approach. I have built similar implementations in both cross-domain (a.com, b.com) and root-domain (sub.a.com, sub2.a.com, *.a.com) environments. It really depends on how you store your cookies - there was recently an enhancement for eZ Publish which should come out in 4.4 which allows you to specify the domain name you wanted stored for login cookies - then it's a matter of building a suitable SSO handler to meet your requirements. In your case with multiple different domain names you will need an intermediate domain that handles all authorisations via redirects to that domain to check the auth cookie - then you need to redirect back to the requested domain and set a login cookie for the specific domain. Andrew Duck, Executive Director, Quiqcorp Limited eZ Certified Developer and Trainer. Member of the Community Project Board http://quiqcorp.com \| http://twitter.com/andrewduck

Author

Message

Rene Hrdina

Monday 09 August 2010 5:49:55 am

Hi Everyone,

following scenario:

We got a website running that is accessible via multiple domains. The Problem is that when a user logs in at www.domain1.com he's not logged in at www.domain2.com.

So i guess we'll have to implement a Single Sing On Handler.

Since i can not just read the cookie created on www.domain1.com when the user visits www.domain2.com we'll have to come up with a more sophisticated solution.

Has anyone ever created a solution for such a problem and would share some ideas regarding this topic with me ?

I'd appreciate any tips, hints and ideas on how to implement such a SSO.

regards

Andrew Duck

Monday 09 August 2010 6:17:42 am

Hi Rene,

Yes you are correct that a single signon handler would be a good approach. I have built similar implementations in both cross-domain (a.com, b.com) and root-domain (sub.a.com, sub2.a.com, *.a.com) environments.

It really depends on how you store your cookies - there was recently an enhancement for eZ Publish which should come out in 4.4 which allows you to specify the domain name you wanted stored for login cookies - then it's a matter of building a suitable SSO handler to meet your requirements.

In your case with multiple different domain names you will need an intermediate domain that handles all authorisations via redirects to that domain to check the auth cookie - then you need to redirect back to the requested domain and set a login cookie for the specific domain.

Andrew Duck, Executive Director, Quiqcorp Limited
eZ Certified Developer and Trainer.
Member of the Community Project Board
http://quiqcorp.com | http://twitter.com/andrewduck