How to implement SSO on different domains?
An example is habr + toaster + tmtm.ru as an authorization server.
How to implement for sites on one subdomain is clear: we generate a token, put it in a cookie on *.domain.com and thus share the token between other subdomains.
How to transfer this token when the domain is different and it is impossible to shove it into the cookie?
On the Toaster, I clicked on Login, I opened the page
After entering the login password, I will be redirected to the page
and from there to
The principle is this:
The subsite checks, in its own (or a shared) database, whether you are authorized, based on your cookies. If "yes", it shows you the site and your profile. If "no", or the cookies are not correct, it sends you to a single authorization center. There they authenticate you, give you some kind of cookie so that they don't check next time, and return you to the verification node on the target subsite. It checks you and the received tokens and, if everything is correct, sets a cookie for itself.
PS I always confused authorization and authentication, so I could make a mistake somewhere.
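
The redirect flow described in the answer above, sketched as an added example (not part of the original post and not the code of any site named here). The site names, the per-site HMAC keys, the ticket format and all function names are assumptions: the authorization center hands back a short-lived, single-use ticket in the redirect URL, and the subsite's verification node checks it before setting its own cookie.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed values: hypothetical site names, keys and callback URLs.
SITE_KEYS = {"qna.example": b"constructed-key-1", "blog.example": b"constructed-key-2"}
CALLBACKS = {"qna.example": "https://qna.example/sso/callback",
             "blog.example": "https://blog.example/sso/callback"}
TICKET_TTL = 60  # seconds; the ticket only has to survive one redirect

def _sign(key, payload):
    return base64.urlsafe_b64encode(hmac.new(key, payload, hashlib.sha256).digest())

def issue_redirect(site, user, now=None):
    """Authorization center: after login, build the redirect back to the subsite."""
    if site not in CALLBACKS:  # fixed callback per registered site, so no open redirect
        raise ValueError("unknown site")
    claims = {"sub": user, "aud": site, "jti": secrets.token_urlsafe(16),
              "exp": int(now or time.time()) + TICKET_TTL}
    payload = base64.urlsafe_b64encode(json.dumps(claims).encode())
    query = {"ticket": payload.decode(), "sig": _sign(SITE_KEYS[site], payload).decode()}
    return CALLBACKS[site] + "?" + urlencode(query)

class Subsite:
    """Verification node on the target site; keeps its own sessions."""
    def __init__(self, name):
        self.name, self.key = name, SITE_KEYS[name]
        self.seen, self.sessions = set(), {}

    def callback(self, url, now=None):
        """Return the value for this site's own session cookie, or None if rejected."""
        q = parse_qs(urlparse(url).query)
        payload = q.get("ticket", [""])[0].encode()
        sig = q.get("sig", [""])[0].encode()
        if not hmac.compare_digest(_sign(self.key, payload), sig):
            return None  # forged, altered, or signed for another site
        claims = json.loads(base64.urlsafe_b64decode(payload))
        if claims["aud"] != self.name or claims["exp"] < (now or time.time()):
            return None  # wrong audience or expired
        if claims["jti"] in self.seen:
            return None  # ticket already used once
        self.seen.add(claims["jti"])
        sid = secrets.token_urlsafe(32)  # the cookie lives on this domain only
        self.sessions[sid] = claims["sub"]
        return sid
```

The ticket travels in the URL, so it can end up in browser history, logs and Referer headers; the short lifetime and single-use check are what keep a leaked ticket from being useful.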