Yii have helper with Single Sign-on ( SSO ) ??

Hello everybody . this is my first post

I had tested Yii for a week and I would like to know with Single Sign-On ( SSO )

Example )

I had developed 3 web application with Yii

        -    classified.hybridhybrid-test.com


        -    www.hybridhybrid-test.com


        -    engine.hybridhybrid-test.com     

when I login user authen to "www.hybridhybrid-test.com" , I will auto login to "classified.hybridhybrid-test.com" , "engine.hybridhybrid-test.com"

and when I logout somewhere in 3 domains . It’s logout 3 domains

Somebody can Suggest me with How to Single Sign-On in this case ?? or Yii have helper with this case ??

========

Sorry for my weak english language

Thank you very much

up

Im intrested about this too, any ideas?

This would require that all 3 apps use the same session, because that’s where the information about authentication status is saved. If that’s not a problem for you, you could configure the session component to use the same savePath and also alter the domain parameter for your session cookie. The latter is requried for your browser to send the same session cookies for all your 3 domains. Note, that this only works because all your application domains are third levels of [color="#1C2837"][size=“2”]hybridhybrid-test.com.[/size][/color]

[color="#1C2837"][size="2"]




        'session'=>array(

            'savePath'=>'/some/writeable/path',    // same for all 3 apps

            'cookieParams' => array(

                'domain'=>'.hybridhybrid-test.com',

            ),

        ),



[/size][/color]

[color="#1C2837"] [/color]

[size=“3”][color="#1C2837"][size=2]EDIT: Sorry, didn’t notice that the first post is rather old. But maybe this solution is of help anyway.[/size][/color][/size]

Thanks for you reply mike, I know the first post its quite old, but Im still intrested :P

I can store the session information in a shared folder for all of them, but my applications are not all subdomains of a common domain, is there a workaround for that? is this completely required?

At least for the approach i described, yes. How else should the browser know, that it should send the same session cookie? And this is necessary, because that cookie indicates that the request belongs to the same session.

Besides that I can’t think of any mechanism to let an application know, that the current request comes from the same user that already was authenticated in another application.

Maybe OpenID could be a solution for this problem?

Anyway, in some related topic someone posted that Google utilizes this idea. I would like to follow this.

If Mike gave us wonderful solution how to have see that user is logged in, in three different webapps, does anybody have idea how to truly implement what is done on Google - i.e. have one login page for all websites which would redirect to proper webapp after logon was successful?

If I’m not mistaken, Mike’s (and topic author) idea only covers session handling of user credential, but login page in each of this applications would have to be duplicated. Any idea how to avoid this and centralize login / logout logic for whole server (domain)?

Thanks Trejder,

Im aware of those solutions, however, I cant get my users to get an openID or google account to use the system, and it is so, because, SSO here wont be an ‘extra’ but is something that somehow will be attached to bussiness logic.

We already have a users with roles and stuff, and I need them all to be able to use all related systems, without needing to log in again, or do anything else, we do need to use the already built system we have. without forcing our users to create anymore accounts or the like.

The systems are all over the same database, so they all have access to the same information, I do not need to ‘share’ imformation among them, since it is already shared in the database, what I do need, is to share the fact that the user is logged in, for at least one of them, I jsut havent figured out how to do that :( … at least in a decent way ;)

Have you tried Mike’s solution with sharing user authentication info over shared sessions? Any luck?

Maybe a completely different approach? If each of these apps uses the same database why don’t you then build one master database with three modules (Yii has wonderful support for them) and configure server + domain + Yii’s urlManager the way that if your user enters a.yourdomain.com he will be using module a from masterapp and so on.

Also take a look at this cookbook article.

If theses apps are so common (the same database, the same logic and the same user system) these might be a solution at least worth thinking of.

This post ss a bit old but it still might interest to someone

something like the following would work and be secure

user login at www.test.com

you save an unique var in the database like

unique_id user_id

redirect the user to www.example.com/user/login/?id={$unique_id}

in the login action do something like the following




if(isset($_GET['id'])){

//model = login_table created above

$model=$model->findByPk($_GET['id']);

if($model!==null){

	//do the login proccess with user data

	$user=User::model()->findByPk($model->user_id);

	//...

	//clean up the table so its only used once - security measure

	$model->deleteByPk($_GET['id']);

}else{

	throw new CHttpException(403,'Unauthorized access');

}

}



I believe something like that will work, correct if im wrong

You can take a look here : http://www.yiiframework.com/wiki/135/single-sign-on-across-multiple-subdomains/ but this is only for subdomains.

For cross domains you will need something like Gustavo’s solution.