Answer the question
In order to leave comments, you need to log in
T
T
timmpw2015-08-07 10:22:12
timmpw, 2015-08-07 10:22:12
How to properly and securely implement SSO for a project?
There are several web projects. Let's assume that the domains are https://site1.ru , https://site2.ru and https://site3.ru. You need to link them. Having passed authorization in site1.ru, the user should automatically become logged in on other projects.
I assume that we are making an authentication center (for example https://auth.ru ) with all information about users.
Next, we use the following scheme:
from https://site1.ruthe login and password are sent to the authorization server. In case of successful verification of data on auth.ru, we generate a session id and run a script on each of the projects (with checking the domain of the server from which the request came), which in turn will set the httponly cookie with the passed id. We write a unique key['value'] to the session, with which we then check whether the authorization is still alive.
To heighten the effect, once every N minutes we regenerate the master token and send it to all projects that we already salt the data transmitted from the site to the authorization server.
What could I be missing and where are the weaknesses in this solution? Thank you.
1 answer(s)
@nmk2002
N
Nikolai Korabelnikov, 2015-08-09 @nmk2002
You need to use SAML.
In this case, you will have an authentication server (Identity Provider), and your sites (Service Provider) will use it to authenticate users and, if the user is already authenticated on one of the resources, then SAML will provide SSO.
I can advise neXus Hybrid Access Gateway.
Similar questions
N
Nikolai Steshenko2021-05-24 00:59:15
How to add a field to registration or remove instantaCms?
2Reply
R
A
W
A
Arbil2020-01-04 15:46:38
Is there a function in Python that will display the number of elements?
4Reply
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question