I am looking for a solution where users of websites registered with us can access our application without explicitly logging in to our application.

  1. Website owners will register with us to access our application.
  2. Users will log in to their website and see a link to our website to access it.
  3. Once the user clicks on the link, the user will be able to access it.
  4. If the user tries to access this link through the browser with login into their website, then show an error message.

Is there any way to do this through cookies, web services, an HTTP POST method, etc.?

+5  A: 

Check out OpenID - http://openid.net/

JonoW
But I think websites which register with us would also be required to use OpenID, but there is a case where registered websites are not using OpenID.
Mahesh
You could of course reinvent OpenID, but that's sidestepping the issue. You cannot implement SSO for third-party websites; the website itself has to cooperate. OpenID is a proven protocol for such cooperation.
MSalters
A: 

Another option you can investigate is Windows Live ID. Of course, the main drawback is that it requires users to have Windows Live accounts, but this may or may not be an issue.

Conrad
A: 

Hmm, sounds like you want something like OAuth, http://oauth.net, for the authorisation and OpenID, http://openid.net/, support to allow people to easily log in.

Google has a hybrid protocol, OpenID + OAuth, which allows requesting both user details and an access token all at once: http://code.google.com/apis/accounts/docs/OpenID.html.

seanlinmt
A: 

Microsoft Windows 2003 R2 introduced a product called Active Directory Federation Services (ADFS) out of the box that fits your description. ADFS provides single sign-on between multiple websites. This includes sites that are affiliated to your own but that you don't necessarily trust to open up an authentication API. ADFS integrates with AzMan for role-based authorization and can authenticate against Active Directory, ADLS, etc.

If all you are looking for is basic single sign-on, then this solution is way overkill. Basically, all they are doing is checking for an authenticated session and, if one isn't found, doing a 307 redirect to the federation server (authentication website) where the authentication form sits. Once a user logs in, a cookie is set on the federation server and the user is redirected back to the original site with the sessionid attached as a URL variable. It is up to that site to retain a copy of the sessionid as a cookie for its own domain.

I just recently went down the route of evaluating a number of SSO tools and found that if all I really wanted was single sign-on, it was just way easier to roll my own solution similar to the one above.

William Edmondson
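
Added example, not part of the answer above or of ADFS: a sketch of the redirect-back step in that flow, where the value attached to the URL is a signed, short-lived, single-use ticket rather than the raw sessionid the answer describes, so a copied or replayed link is rejected and a visit without a valid ticket gets the error page. The names `SITE_KEYS`, `issue_ticket`, `redeem_ticket` and the host `partner.example` are hypothetical, and the per-site secret is assumed to be agreed when the site owner registers.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed secret shared by the federation server and one registered site
# (assumption: agreed out of band when the site owner registers).
SITE_KEYS = {"partner.example": secrets.token_bytes(32)}
TICKET_TTL = 60       # seconds a ticket stays valid
used_nonces = set()   # replay cache; a shared store with expiry in production

def b64e(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_ticket(user, site, now=None):
    """Federation server: build the value appended to the redirect back."""
    now = time.time() if now is None else now
    body = json.dumps({"sub": user, "aud": site, "exp": int(now) + TICKET_TTL,
                       "nonce": secrets.token_hex(16)}).encode()
    tag = hmac.new(SITE_KEYS[site], body, hashlib.sha256).digest()
    return b64e(body) + "." + b64e(tag)

def redeem_ticket(ticket, site, now=None):
    """Receiving site: return the user name, or None to show the error page."""
    now = time.time() if now is None else now
    try:
        body_b64, tag_b64 = ticket.split(".")
        body, tag = b64d(body_b64), b64d(tag_b64)
    except ValueError:
        return None                        # missing or malformed ticket
    expected = hmac.new(SITE_KEYS[site], body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                        # forged or modified
    claims = json.loads(body)
    if claims["aud"] != site or now > claims["exp"]:
        return None                        # issued for another site, or expired
    if claims["nonce"] in used_nonces:
        return None                        # already redeemed once
    used_nonces.add(claims["nonce"])
    return claims["sub"]                   # caller now sets its own session cookie
```

The receiving site calls `redeem_ticket` once on the redirect and from then on relies only on the cookie it sets for its own domain.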