NYCPHP Meetup

NYPHP.org

[nycphp-talk] Single Sign On Questions

Timothy Boyden tboyden at supercoups.com
Mon Apr 9 11:36:28 EDT 2007 

Hey Joe,

When I was at MIT we used certificates for multi-domain SSO
authentication (and authorization). I also have looked into other types
of SSO schemes and from a security and implementation stand-point
certificates look to be the best tool for the job. Here is a link to
MIT's user documentation on their certificate system:
http://web.mit.edu/ist/topics/certificates/

As far as the technical implementation goes, I found a lot of good
information by Googling. But if you contact someone in MIT's IT group
I'm sure they could provide some specifics on their implementation.

I'm not sure it could be implemented using Network Solutions type
hosting service, but something like SSO across multiple domains would
require a more extensive setup then they could provide anyways.

-Tim

---------------------------
Timothy Boyden
Network Administrator

SuperCoups(r)

350 Revolutionary Drive | E. Taunton, MA 02718
508-977-2034  | www.supercoups.com 

We Support Alex's Lemonade Stand Foundation, 
"Fighting Childhood Cancer One Cup At A Time"
Donations Accepted at: www.firstgiving.com/SuperCoups
---------------------------
Local Coupons. Super Savings.(r)

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Joseph Crawford
Sent: Monday, April 09, 2007 11:19 AM
To: NYPHP Talk
Subject: [nycphp-talk] Single Sign On Questions

Guys,

We are going round and round with the methods for SSO.  Can something
like this be done?

EREJobs.com will include a file from ERE.net, the file on ERE.net
executes on the ere.net domain while doing so can it read the ere.net
cookie?  I know that is probably not allowed due to XSS.

We have looked into Open SSO and even the chapter from Advanced PHP
Programming on SSO however that leads to issues when using multiple
sites.  For instance you go to erejobs.com and login, it directs you to
ere.net authenticates you, sets a cookie for ere.net and back to erejobs
where a cookie is set.  However if you then go to another site say
eredirectory.com it will not see you logged in because no cookie is set
so you again have to click the login button.  You wont have to login
because the ere.net cookie exists it will just redirect you back to
eredirectory but it seems like a rats nest we will get into.

Any ideas on how else to accomplish something like this?

--
Joseph Crawford Jr.
Zend Certified Engineer
Codebowl Solutions, Inc.
http://www.codebowl.com/
Blog: http://www.josephcrawford.com/
1-802-671-2021
codebowl at gmail.com
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php

More information about the talk mailing list