
Single Sign on - Multi Domain


samtay


Hey Everyone,

 

Is it possible to implement single sign-on using only PHP? If so, can you give me an idea of how to do this?

Oh, it has to be multi-domain, and the domains will be unknown.

 

Cheers

Samuel

Link to comment
Share on other sites

The different sites use the same database.

 

What I have come up with is:

  • Secondary Site checks if cookie token id is set.
      • If set then checks if token is in database, checks if correct IP.
          • If correct updates a timestamp in database to stop token expiring, this will stop abandoned token clotting the database up.
      • If not set then redirects to Main Site's login page.
  • Main Site will check if cookie token id is set.
      • If set then checks if token is in database and checks if correct IP.
          • If correct then sets cookie for secondary site and redirects back.
          • If not correct displays login form.
      • If not set then displays login page.
  • The login page will check credentials
      • If correct then token will be created in the database, cookies for Main Site and Secondary Site will be set and redirected.
  • All logins will be done on Main Site's login page.

 

Do you think this idea should function correctly and securely?

 

Cheers

Samuel

Link to comment
Share on other sites
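An added example, not part of any post in this thread: a browser will not let the Main Site set a cookie for a different domain, so the "sets cookie for secondary site and redirects back" step needs a handoff. The PHP below passes a single-use, short-lived token in the redirect and has the secondary site redeem it against the shared database; the `domains` and `handoff` tables, the `sso.php` endpoint, the function names and the 60-second lifetime are all assumptions.

```php
<?php
declare(strict_types=1);
// Added example; table names, sso.php and the 60 s lifetime are assumptions.

// Main site, after a successful login: mint a single-use handoff token
// bound to one registered domain. Returns the redirect URL, or null.
function issueHandoff(PDO $db, int $userId, string $returnUrl): ?string
{
    $host = strtolower((string) parse_url($returnUrl, PHP_URL_HOST));
    $q = $db->prepare('SELECT 1 FROM domains WHERE host = ?');
    $q->execute([$host]);
    if ($host === '' || !$q->fetchColumn()) {
        return null; // unregistered domain: refuse to redirect
    }
    $token = bin2hex(random_bytes(32));
    // Only the hash is stored, so a database leak exposes no live tokens.
    $db->prepare('INSERT INTO handoff (token_hash, user_id, host, expires, used)
                  VALUES (?, ?, ?, ?, 0)')
       ->execute([hash('sha256', $token), $userId, $host, time() + 60]);
    return 'https://' . $host . '/sso.php?token=' . $token;
}

// Secondary site: redeem the token once; $host is the site's own host name.
function redeemHandoff(PDO $db, string $token, string $host): ?int
{
    $hash = hash('sha256', $token);
    $u = $db->prepare('UPDATE handoff SET used = 1
                       WHERE token_hash = ? AND host = ? AND used = 0 AND expires > ?');
    $u->execute([$hash, strtolower($host), time()]);
    if ($u->rowCount() !== 1) {
        return null; // unknown, expired, replayed, or issued for another domain
    }
    $q = $db->prepare('SELECT user_id FROM handoff WHERE token_hash = ?');
    $q->execute([$hash]);
    return (int) $q->fetchColumn();
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE domains (host TEXT PRIMARY KEY)');
$db->exec('CREATE TABLE handoff (token_hash TEXT PRIMARY KEY, user_id INT,
           host TEXT, expires INT, used INT)');
$db->exec("INSERT INTO domains VALUES ('customer-site.example')");

$url = issueHandoff($db, 42, 'https://customer-site.example/admin');
parse_str((string) parse_url($url, PHP_URL_QUERY), $p);
var_dump(redeemHandoff($db, $p['token'], 'customer-site.example')); // first use
var_dump(redeemHandoff($db, $p['token'], 'customer-site.example')); // replay
var_dump(issueHandoff($db, 42, 'https://evil.example/'));           // unregistered
```

When redemption succeeds, the secondary site starts its own session and sets its own cookie (HttpOnly, Secure) for its own domain.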

Not at all. You can do it to, say, set your sessions on all sites.

cURL() will allow you to send info to forms; however, any reasonable site will make sure the HTTP referer is the actual processing page and not some secondary page that you are attempting to hack login from. But cURL() can do it.

You have a Username/Password page; then on the processor it sends those off to the login processes on the sites you want to log in on, with those in the send.

Link to comment
Share on other sites


I'm not quite clear on your idea. Do you mean to have a login page on the secondary site, and then the details are sent to and processed on the main site?

Wouldn't I then have to log in at each site, as the domains are unknown?

Link to comment
Share on other sites

Nope this is what you do

form.html

<html>
<form action="process.php" method="post">
<input type="text" name="username" />
<input type="password" name="password" />
<input type="submit" value="Login" />
</form>
</html>

Now that is simple, but the hard part is on page 2 which is all about php

process.php

<?php
// Login processors the credentials are sent to
$logins = array(
"https://www.google.com/accounts/ServiceLoginAuth?service=mail",
"http://www.yahoo.com",
);
// You can add more logins, just use the processors
$username = trim($_POST['username'] ?? '');
$password = trim($_POST['password'] ?? '');
foreach($logins as $value){
$ch = curl_init($value);
// Read the cURL library docs on sending the info to the pages
curl_close($ch);
}
?>

 

Note:

This might be doable with the http library, but that doesn't help you with ssh connections

http://us2.php.net/manual/en/ref.http.php

Link to comment
Share on other sites

Ahhh kk. Well, I'm unsure if it's the right solution for me, as I'm looking at having over 50 domains and it would really slow logging in down.

How my application works is that when a user registers they get a simple CMS and they can use their own domain with it. All the domains are sent to the same virtual host on an Apache server; then, depending on the domain, the application will display the correct data.

 

Cheers

Samuel

Link to comment
Share on other sites

however any reasonable site will make sure the http refer is the actual processing page and not some secondary page that you are attempting to hack login from.

 

I understand what you mean, but the login page and the processing will all be done at the main site, so would I have the same problem?

 

Cheers

Samuel

Link to comment
Share on other sites
