3

I'm creating three websites for which, in theory, users should have the same account on each one. Although with different attributes, the user email, login name, password, etc., are stored and handled by a single website (like user.mysso.com).

Should I do that using a RESTful webservice on user.mysso.com that provides an interface for querying/authenticating users? Or is this insecure?

vinnylinux
  • Sigh - I'm not sure why SO users close questions when someone with a possible answer might be able to stop by and answer it without being "not constructive". Anyway, here is a standalone SSO system you might want to look at: http://barebonescms.com/documentation/sso/ – CubicleSoft Aug 15 '12 at 15:06
  • You may also be interested in [Jasig CAS SSO](http://www.jasig.org/cas) and its Java implementation [JCAS](http://jcas.sourceforge.net/); they look to me like a good fit for your requirements. – Tony Rad Nov 07 '12 at 22:23
  • I used an example from a book called 'Advanced PHP Programming' by George Schlossnagle - an excellent source if you want to roll your own - I recommend the book for other advanced areas of PHP coding too - it's available on Amazon - http://www.amazon.co.uk/Advanced-PHP-Programming-Developers-Library/dp/0672325616/ref=sr_1_1?ie=UTF8&qid=1358715128&sr=8-1 - Perfect solution, I have it working on a three site cluster with a single authentication server for all three – Ben Duffin Jan 20 '13 at 20:52

1 Answer

0

No. Use the correct tool for the task which is a Directory Service in this case.

In your shoes I would probably use OpenLDAP and Authenticating user using LDAP from PHP.

Martin Spamer
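The directory approach suggested in the answer above, as an added example that is not part of the original answer: a search-then-bind check each of the three sites could call, using PHP's ldap extension. The host, base DN, service account and the `uid`/`mail` attribute names are assumptions, and `ldap_authenticate` is a hypothetical helper name.

```php
<?php
// Added example: search-then-bind authentication against a directory.
// All constants below are placeholders (assumptions), not values from the page.
const LDAP_URI = 'ldap://ldap.example.test';
const BASE_DN  = 'ou=people,dc=example,dc=test';
const SVC_DN   = 'cn=websso,dc=example,dc=test'; // read-only lookup account

function ldap_authenticate(string $login, string $password, string $svcPassword): ?array
{
    // An empty password turns a simple bind into an "unauthenticated bind",
    // which many servers report as success. Reject it before any network I/O.
    if ($login === '' || $password === '') {
        return null;
    }
    $conn = ldap_connect(LDAP_URI);
    if ($conn === false) {
        return null;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Credentials must not cross the network in clear text.
    if (!@ldap_start_tls($conn)) {
        return null;
    }
    // Step 1: bind as the service account and locate exactly one user entry.
    if (!@ldap_bind($conn, SVC_DN, $svcPassword)) {
        return null;
    }
    // Escape the login so characters such as * ( ) \ cannot alter the filter.
    $filter = '(uid=' . ldap_escape($login, '', LDAP_ESCAPE_FILTER) . ')';
    $result = ldap_search($conn, BASE_DN, $filter, ['uid', 'mail']);
    if ($result === false || ldap_count_entries($conn, $result) !== 1) {
        return null; // unknown or ambiguous login
    }
    $entry = ldap_get_entries($conn, $result)[0];

    // Step 2: re-bind as that user; the directory verifies the password,
    // so the web sites never read or compare password hashes themselves.
    $ok = @ldap_bind($conn, $entry['dn'], $password);
    ldap_unbind($conn);

    return $ok
        ? ['dn' => $entry['dn'], 'uid' => $entry['uid'][0], 'mail' => $entry['mail'][0] ?? null]
        : null;
}
```

The function returns `null` for every failure path so callers cannot distinguish an unknown login from a wrong password.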