[nycphp-talk] Single Sign On Questions

Joseph Crawford codebowl at gmail.com
Mon Apr 9 11:19:11 EDT 2007


Guys,

We are going round and round with the methods for SSO.  Can something
like this be done?

EREJobs.com will include a file from ERE.net. The file on ERE.net
executes on the ere.net domain; while doing so, can it read the ere.net
cookie?  I know that is probably not allowed due to XSS.

We have looked into Open SSO and even the chapter from Advanced PHP
Programming on SSO; however, that leads to issues when using multiple
sites.  For instance, you go to erejobs.com and log in, it directs you
to ere.net, authenticates you, sets a cookie for ere.net and back to
erejobs, where a cookie is set.  However, if you then go to another site,
say eredirectory.com, it will not see you logged in because no cookie
is set, so you again have to click the login button.  You won't have to
log in because the ere.net cookie exists; it will just redirect you back
to eredirectory, but it seems like a rat's nest we will get into.

Any ideas on how else to accomplish something like this?

-- 
Joseph Crawford Jr.
Zend Certified Engineer
Codebowl Solutions, Inc.
http://www.codebowl.com/
Blog: http://www.josephcrawford.com/
1-802-671-2021
codebowl at gmail.com
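
The redirect handoff described in the message above, as an added example (not code from the original post, from Open SSO, or from the book it mentions): only ere.net reads the ere.net cookie, and it passes each consumer site a short-lived signed assertion in the redirect URL, which that site verifies before setting its own cookie. The function names, token layout, key and user name are assumptions made for illustration, and the code assumes PHP 7.1 or later.

```php
<?php
// Added illustration: names, token layout and key are assumptions, not a real API.
// ere.net alone reads its cookie, then vouches for the user via the redirect URL.
const SSO_TTL = 60; // seconds a handoff token stays valid

function b64url(string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// Runs on ere.net after it has validated its own session cookie.
function issue_token(string $user, string $audience, string $key, int $now): string {
    $claims = ['sub' => $user, 'aud' => $audience, 'exp' => $now + SSO_TTL,
               'jti' => bin2hex(random_bytes(8))];
    $body = b64url(json_encode($claims));
    return $body . '.' . b64url(hash_hmac('sha256', $body, $key, true));
}

// Runs on erejobs.com or eredirectory.com when the browser returns with the token.
// Returns the user name, or null when the token must be rejected.
function verify_token(string $token, string $audience, string $key, int $now, array &$seen): ?string {
    $parts = explode('.', $token);
    if (count($parts) !== 2) return null;
    [$body, $sig] = $parts;
    $expected = b64url(hash_hmac('sha256', $body, $key, true));
    if (!hash_equals($expected, $sig)) return null;         // forged or altered
    $claims = json_decode(base64_decode(strtr($body, '-_', '+/')), true);
    if (!is_array($claims)) return null;
    if (($claims['aud'] ?? '') !== $audience) return null;  // minted for another site
    if (($claims['exp'] ?? 0) < $now) return null;          // handoff window closed
    $jti = $claims['jti'] ?? '';
    if ($jti === '' || isset($seen[$jti])) return null;     // already redeemed
    $seen[$jti] = true;  // demo-only store; real sites need one shared across requests
    return $claims['sub'] ?? null;
}

// Constructed walk-through: one accepted handoff, then three rejected ones.
$key  = 'constructed-demo-key';  // placeholder secret shared with ere.net
$seen = [];
$now  = 1700000000;              // fixed clock so the run is repeatable
$t = issue_token('demo-user', 'erejobs.com', $key, $now);
var_dump(verify_token($t, 'erejobs.com', $key, $now + 5, $seen));       // first use
var_dump(verify_token($t, 'erejobs.com', $key, $now + 5, $seen));       // same token again
$t2 = issue_token('demo-user', 'erejobs.com', $key, $now);
var_dump(verify_token($t2, 'eredirectory.com', $key, $now + 5, $seen)); // wrong site
var_dump(verify_token($t2, 'erejobs.com', $key, $now + 120, $seen));    // after expiry
```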
