SSO Handler managing login for one site with multiple Domains?

Previous topic

Developer

Next topic

Author	Message
Rene Hrdina	Monday 09 August 2010 5:49:55 am Hi Everyone, following scenario: We got a website running that is accessible via multiple domains. The Problem is that when a user logs in at www.domain1.com he's not logged in at www.domain2.com. So i guess we'll have to implement a Single Sing On Handler. Since i can not just read the cookie created on www.domain1.com when the user visits www.domain2.com we'll have to come up with a more sophisticated solution. Has anyone ever created a solution for such a problem and would share some ideas regarding this topic with me ? I'd appreciate any tips, hints and ideas on how to implement such a SSO. regards
Andrew Duck	Monday 09 August 2010 6:17:42 am Hi Rene, Yes you are correct that a single signon handler would be a good approach. I have built similar implementations in both cross-domain (a.com, b.com) and root-domain (sub.a.com, sub2.a.com, *.a.com) environments. It really depends on how you store your cookies - there was recently an enhancement for eZ Publish which should come out in 4.4 which allows you to specify the domain name you wanted stored for login cookies - then it's a matter of building a suitable SSO handler to meet your requirements. In your case with multiple different domain names you will need an intermediate domain that handles all authorisations via redirects to that domain to check the auth cookie - then you need to redirect back to the requested domain and set a login cookie for the specific domain. Andrew Duck, Executive Director, Quiqcorp Limited eZ Certified Developer and Trainer. Member of the Community Project Board http://quiqcorp.com \| http://twitter.com/andrewduck

Author

Message

Rene Hrdina

Monday 09 August 2010 5:49:55 am

Hi Everyone,

following scenario:

We got a website running that is accessible via multiple domains. The Problem is that when a user logs in at www.domain1.com he's not logged in at www.domain2.com.

So i guess we'll have to implement a Single Sing On Handler.

Since i can not just read the cookie created on www.domain1.com when the user visits www.domain2.com we'll have to come up with a more sophisticated solution.

Has anyone ever created a solution for such a problem and would share some ideas regarding this topic with me ?

I'd appreciate any tips, hints and ideas on how to implement such a SSO.

regards

Andrew Duck

Monday 09 August 2010 6:17:42 am

Hi Rene,

Yes you are correct that a single signon handler would be a good approach. I have built similar implementations in both cross-domain (a.com, b.com) and root-domain (sub.a.com, sub2.a.com, *.a.com) environments.

It really depends on how you store your cookies - there was recently an enhancement for eZ Publish which should come out in 4.4 which allows you to specify the domain name you wanted stored for login cookies - then it's a matter of building a suitable SSO handler to meet your requirements.

In your case with multiple different domain names you will need an intermediate domain that handles all authorisations via redirects to that domain to check the auth cookie - then you need to redirect back to the requested domain and set a login cookie for the specific domain.

Andrew Duck, Executive Director, Quiqcorp Limited
eZ Certified Developer and Trainer.
Member of the Community Project Board
http://quiqcorp.com | http://twitter.com/andrewduck

eZ debug

Timing:	Jan 19 2025 03:21:16
Script start
Timing:	Jan 19 2025 03:21:16
Module start 'layout'
Timing:	Jan 19 2025 03:21:16
Module start 'content'
Timing:	Jan 19 2025 03:21:17
Module end 'content'
Timing:	Jan 19 2025 03:21:17
Script end

Main resources:

Total runtime	0.9330 sec
Peak memory usage	4,096.0000 KB
Database Queries	54

Timing points:

Checkpoint	Start (sec)	Duration (sec)	Memory at start (KB)	Memory used (KB)
Script start	0.0000	0.0059	589.4141	152.6563
Module start 'layout'	0.0059	0.0031	742.0703	39.5078
Module start 'content'	0.0090	0.9225	781.5781	525.3594
Module end 'content'	0.9315	0.0015	1,306.9375	8.0938
Script end	0.9330		1,315.0313

Time accumulators:

Accumulator	Duration (sec)	Duration (%)	Count	Average (sec)
Ini load
Load cache	0.0032	0.3426	16	0.0002
Check MTime	0.0013	0.1384	16	0.0001
Mysql Total
Database connection	0.0007	0.0747	1	0.0007
Mysqli_queries	0.8789	94.2018	54	0.0163
Looping result	0.0006	0.0628	52	0.0000
Template Total	0.8903	95.4	2	0.4451
Template load	0.0021	0.2259	2	0.0011
Template processing	0.8882	95.1928	2	0.4441
Template load and register function	0.0002	0.0218	1	0.0002
states
state_id_array	0.0025	0.2727	1	0.0025
state_identifier_array	0.0032	0.3460	2	0.0016
Override
Cache load	0.0017	0.1847	17	0.0001
Sytem overhead
Fetch class attribute can translate value	0.0006	0.0655	2	0.0003
Fetch class attribute name	0.0011	0.1231	3	0.0004
XML
Image XML parsing	0.0008	0.0853	2	0.0004
class_abstraction
Instantiating content class attribute	0.0000	0.0009	3	0.0000
General
dbfile	0.0046	0.4950	18	0.0003
String conversion	0.0000	0.0010	4	0.0000
Note: percentages do not add up to 100% because some accumulators overlap

Templates used to render the page:

Usage	Requested template	Template	Template loaded
1	node/view/full.tpl	full/forum_topic.tpl	extension/sevenx/design/simple/override/templates/full/forum_topic.tpl
2	content/datatype/view/ezxmltext.tpl	<No override>	extension/community_design/design/suncana/templates/content/datatype/view/ezxmltext.tpl
2	content/datatype/view/ezxmltags/paragraph.tpl	<No override>	extension/ezwebin/design/ezwebin/templates/content/datatype/view/ezxmltags/paragraph.tpl
1	content/datatype/view/ezimage.tpl	<No override>	extension/sevenx/design/simple/templates/content/datatype/view/ezimage.tpl
1	print_pagelayout.tpl	<No override>	extension/community/design/community/templates/print_pagelayout.tpl
Number of times templates used: 7 Number of unique templates used: 5

Time used to render debug report: 0.0001 secs