Single sign on

Hello,

I have two sites, one with a .org domain and the other with .net. I have a Yii application installed on .org. This application has a user base and a restricted area for users. I want to implement single sign-on with these two sites. Is this possible? If yes, then how?

Thanks

Try any of the Curl extensions, as this requires server-to-server communication. Then modify the authenticate functions as required on the UserIdentity component.

I don’t think it is possible. How will you deliver the cookie for a different domain name to the client? It may be possible, though, if you implement the authentication through IP address. In this case you just save the current IP in a table when the user has logged on to the one site, and just check the IP on the other.

Someone asked more or less the same question here http://stackoverflow.com/questions/44509/single-sign-on-across-multiple-domains and there are some ideas in the answers. All you have to do is implement one of those in Yii.

If your question was more about whether there is an existing plugin in Yii, then my answer is: not that I know of.

Thank you everyone for the ideas. I’ll be implementing Single Sign on this week so will definitely update this thread for others who may want to do this in future.

Here man… I agree with not reinventing the wheel: http://simplesamlphp.org/

Cheers

The following article is interesting but… I would stick with something that is already proven. It also explains how to deal with auth cookies.

I’ll just add that since there is an abbreviation for this feature (SSO), you can also search the Yii forum for this keyword to find some related posts about it. I’m pretty sure that there was a very similar discussion about this subject about a month or two ago, but I currently can’t find that thread! :[

Here : http://www.yiiframework.com/forum/index.php?/topic/4559-yii-have-helper-with-single-sign-on-sso/page__p__24115__hl__SSO#entry24115

Something is ticking in my head…

Can you guys tell me if this is correct?

  1. Getting an image from another domain on current domain (i.e. —> <img src="http://otherdomain.com/image.php?a=blah&b=blah"/> on http://mydomain.com)

  2. Inserting a js file from another domain on current domain (i.e. —> <script src="http://otherdomain.com/script.php?a=blah&b=blah"/> on http://mydomain.com)

will allow me to write client cookies from other domains to client --as obviously it was a request to other domain?

Never done it, as I have never been required to code such systems. Note: not trying to reinvent the wheel, I am just curious.

I also haven’t been able to check this. I’m only writing what I recall from memory about setting cookies in a cross-domain environment.

No, because you have to execute code (PHP, JS etc.) that will strictly write that cookie. And if I’m not mistaken, just hot-linking an image from another domain won’t do this.

If in the inserted JS file you have code that sets a cookie, your browser will prevent execution of it, if I’m not mistaken, simply because it will check that your current domain (the one embedding the JS code) isn’t the same as the domain holding the JS file used for setting the cookie.

If it were that simple, SSO would not have been developed, nor would you have to use ugly stuff like a Google Maps API key to be able to use Google Maps. You would only call some JS file from Google Maps that would set a cookie on your computer for your domain and would tell Google Maps that you are allowed to use their mapping engine.

I came across an interesting article about SSO, where an authentication token is provided by a server to broker SSO PHP scripts. I haven’t tried it yet, but I would love to see what your opinion is about it: http://www.jasny.net/articles/simple-single-sign-on-for-php/

@Trejder Thank you very much for your answer. You pointed me in a different direction with JS that I may investigate a bit more to fulfill my curiosity on this matter.

@Trejder… I made a ‘clicking mistake’, I wanted to give you +1 vote and clicked -1! I have already voted the other comment +1 and reported my mistake to moderator. Sorry!

I saw the same article. Even though I don’t have time to investigate this further, I will keep an eye on it, as it sounds really interesting and I will need SSO in one of my future planned projects. But I’m still wondering whether solutions like OpenID or Facebook-Connect aren’t better? They not only give you a ready solution for single sign-on but also allow people to reuse their existing login/password, and they provide you with a strong, very well tested security layer underneath.

No problem at all! :] I’m still much more a person who asks than one who answers. I am very happy if my small knowledge can be used to help someone else, but I for sure do not do this for reputation or some pluses or minuses! :] It is very nice that I’ve already earned my precious eleven points within only two and a half months since joining this community, but I would be just as satisfied with all the help and kindness I found here, even with zeroed or negative reputation! :]

Anyway, I am happy mdomba has fixed this :)

Here is the thread I mentioned before, with some ideas by Mike and doodle to be considered. See if any of it would help you.

Anyone have any new ideas about SSO implementation for multiple domains without using third party software or libraries and without rewriting existing Yii authentication code?

Are there samples or articles of using SimpleSAMLphp with Yii?
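
Added example, not part of any post in this thread and not code from the linked articles: one way the token idea discussed above can work for the .org/.net case, where the first site issues a short-lived, single-use, HMAC-signed token, the browser carries it to the second site in a redirect, and the second site verifies it and then starts its own session with its own cookie. The function names, the shared secret, the `site.example.net` audience value and the in-memory `$seen` store are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed demo values: both sites hold the same secret, exchanged out of band.
const SSO_SECRET = 'constructed-demo-secret-not-for-production';
const SSO_TTL = 60; // token lifetime in seconds

// Hypothetical helper for the .org site: call it after the normal login succeeded,
// then redirect the browser to the .net site with the token in the query string.
function ssoIssue(string $userId, string $audience, int $now): string
{
    $claims = ['uid' => $userId, 'aud' => $audience,
               'exp' => $now + SSO_TTL, 'jti' => bin2hex(random_bytes(16))];
    $body = bin2hex(json_encode($claims)); // hex keeps the token URL-safe
    return $body . '.' . hash_hmac('sha256', $body, SSO_SECRET);
}

// Hypothetical helper for the .net site. $seen stands in for a store of used
// token ids (a database table in practice). Returns the user id or null.
function ssoVerify(string $token, string $audience, int $now, array &$seen): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$body, $mac] = $parts;
    // Constant-time comparison; nothing is decoded before the MAC checks out.
    if (!hash_equals(hash_hmac('sha256', $body, SSO_SECRET), $mac)) {
        return null;
    }
    $c = json_decode((string) hex2bin($body), true);
    if (!is_array($c) || $c['aud'] !== $audience || $c['exp'] < $now) {
        return null; // minted for another site, or expired
    }
    if (isset($seen[$c['jti']])) {
        return null; // token already used once
    }
    $seen[$c['jti']] = true;
    return $c['uid'];
}

$now = time();
$seen = [];
$token = ssoIssue('42', 'https://site.example.net', $now);
var_dump(ssoVerify($token, 'https://site.example.net', $now, $seen));       // first presentation
var_dump(ssoVerify($token, 'https://site.example.net', $now, $seen));       // same token again
var_dump(ssoVerify($token . '0', 'https://site.example.net', $now, $seen)); // altered MAC
$late = ssoIssue('42', 'https://site.example.net', $now);
var_dump(ssoVerify($late, 'https://site.example.net', $now + 120, $seen));  // after expiry
```

The token should only travel over HTTPS, and the receiving site should redirect once more after verifying it so the token does not stay in the address bar or in Referer headers.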