Single Sign On across multiple domains [closed]

by

The SSO solution that I’ve implemented here works as follows:

  1. There is a master domain, login.mydomain.com with the script master_login.php that manages the logins.
  2. Each client domain has the script client_login.php
  3. All the domains have a shared user session database.
  4. When the client domain requires the user to be logged in, it redirects to the master domain (login.mydomain.com/master_login.php). If the user has not signed in to the master it requests authentication from the user (ie. display login page). After the user is authenticated it creates a session in a database. If the user is already authenticated it looks up their session id in the database.
  5. The master domain returns to the client domain (client.mydomain.com/client_login.php) passing the session id.
  6. The client domain creates a cookie storing the session id from the master. The client can find out the logged in user by querying the shared database using the session id.

Notes:

  • The session id is a unique global identifier generated with algorithm from RFC 4122
  • The master_login.php will only redirect to domains in its whitelist
  • The master and clients can be in different top level domains. Eg. client1.abc.com, client2.xyz.com, login.mydomain.com

More Related Contents:

  1. Single sign-on flow using JWT for cross domain authentication
  2. Set cookies for cross origin requests
  3. What’s the difference between OpenID and OAuth?
  4. Cross domain cookies
  5. Error when connect to impala with JDBC under kerberos authrication
  6. Cross Domain Login – How to log a user in automatically when transferred from one domain to another
  7. Handling Browser Authentication using Selenium
  8. user authentication libraries for node.js?
  9. Authentication with 2 different tables
  10. LDAP: error code 49 – 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
  11. Kafka SASL zookeeper authentication
  12. What are the main differences between JWT and OAuth authentication?
  13. Token Authentication vs. Cookies
  14. How does cookie based authentication work?
  15. Keycloak retrieve custom attributes to KeycloakPrincipal
  16. Why are cookies unrecognized when a link is clicked from an external source (i.e. Excel, Word, etc…)
  17. Is Facebook an OpenID provider?
  18. What is the Authorized Javascript Origin for a webapp powered by Google Script?
  19. OWIN – Authentication.SignOut() doesn’t seem to remove the cookie
  20. REST API Token-based Authentication
  21. Sending cookie session id with Swagger 3.0
  22. Microservice Authentication strategy
  23. Spring security: adding “On successful login event listener”
  24. No route matches [GET] “/users/sign_out”
  25. Where can I find a list of OpenID Provider URLs? [closed]
  26. ASP.NET MVC 3 using Authentication
  27. Customize Authentication – Login Symfony2 Messages
  28. Trouble getting ClaimsPrincipal populated when using EasyAuth to authenticate against AAD on Azure App Service in a Asp.Net Core web app
  29. Web API 2, OWIN Authentication, SignOut doesn’t logout
  30. How can I use persisted cookies from a file using phantomjs

Leave a Comment