How to create a Global Accounts system to use across several apps?

Question

I'm developing several apps at the moment which will require a global accounts system across all of the apps and I'm unsure of what's the best way of going about doing this.

The most obvious option is to have each app connect to 1 database but that would require duplicating the MVC login code across all the apps which would make updating the system somewhat of a pain.

Perhaps splitting the login system into its own app and having each app authenticate via an API?

Any ideas are appreciated. Thanks!

Answer 1

Your best bet is to use a tried and true authentication system, such as LDAP. You can use Authlogic as the base authentication system, with the Authlogic LDAP Addon plugin.

If you want an example of how Authlogic works, you can see one here.

Answer 2

The rubycas-server is another option that allows you to use a single sign page that will authenticate users across several apps.

Answer 3

Even if you split the login into a separate app you will still have duplicated login code, since the forms and the controllers that use the api will need to be duplicated. Unless you use a common library to encapsulate common functionality. Then you need more features, bells and whistles. If you go on this path long enough you will just re-implement your own square wheel :)

Instead you can just use something that people already built.

By far the easiest way would be to remove all this stuff completely and only support openid. Just like stackoverflow. Bundled with some smart openid-from-provider-and-username generation (again just like stackoverflow) this can accomodate almost anyone, thought this will need a little more work (but not much, the rules of generation should very trivial).

If you really need the standard user/password login form and just want centralized users db you can still use openid behind the scenes (see ruby-openid for both client and server parts implementation), or just use a simpler CAS solution (like ruby-cas)