0

Possible Duplicate:
Single Sign On - how to implement?

I have a two website which are totally unrelated. I need to write a php script that will send a user to the second site and log them in. Need to do this securely and also send over the user information (like username, profile details etc).

What is the best way to achieve this?

Community
  • 1
  • 1
Jonas
  • 1
  • 1
    Good link - only a duplicate if they know what SSO was/is to begin with to find it :) – Brian Jul 21 '11 at 10:59

3 Answers3

0

Setup an SSL connection between the 2 sites.

And add the user information to for example an JSON string and send it to the other site.

On the other site you need to check the credentials (in the JSON string) again.

PeeHaa
  • 71,436
  • 58
  • 190
  • 262
0

What you are talking about is SSO (single sign on).

There are many many approaches.

A simple approach is to implement would be some form of token sharing to ensure the requested user is an existing and valid user before then passing them on, or accepting a request to by-pass login on the target site.

Brian
  • 8,418
  • 2
  • 25
  • 32
0

I am solving it by having all necessary data in link:

  http://example.com?id=user-info

Where "user-info" is crypted everything what i need:

$cyphre = new Crypt_Xtea;  
$user-info = $username."-".$password."-".$any-other-info-i-need; 
$user-info = urlencode(base64_encode($cyphre->encrypt((string)$user-info, "[cyphre key]")));

On other side i have

$cyphre = new Crypt_Xtea;  
$user-info = $cyphre->decrypt(base64_decode(urldecode($_GET["id"])),"[cyphre key]");
$user-info = explode("-",$user-info);

In this example:

$user-info[0] = $username;
$user-info[1] = $password;
etc

Downsides of this approach:

  • You have to have access to the source code of both sides
  • Its not bulletproof (Salt, Salt, Salt! )
Pavel Janicek
  • 14,128
  • 14
  • 53
  • 77