Authentication Architecture

Hi,

I'm currently looking at ways to create an SSO-based application setup. The idea is as follows:

The user can log in on my.domain.com with an e-mail and password. After that the user can select a product that he owns, and goes to that domain (for instance, example.com). Here the user is logged in. If the user goes directly to example.com after logging in at my.domain.com, the user should also be logged in.

I've looked at several options to implement this, with Auth0 or an Auth API at the control panel for instance. But I can't figure out what the best way of doing this is.

The control panel and all the other applications will be built in Laravel, but I would like to have the option that non-Laravel applications could also work with this setup.

Also, the user can have permissions. Should I do this on the application layer with a relation table with all the permissions, or should this be set in the control panel DB?

Could anyone help me out? Thanks a lot!

Michel

Last updated 3 years ago.
0

What you are trying to build would undermine the basic security that is given by the internet: that websites on one domain cannot create/change/read cookies for other domains. So no. The user needs to log in at every domain separately. OAuth or API keys only give you access from one domain to values on another domain in the name of the user. However, the user still needs to be logged in at the other domain to give you access to it from the first domain.

Edit: Seems like what I say here only applies to cookie-based authentication. Wikipedia points to LDAP for use in SSO applications (https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol), but that is outside my horizon :P

Last updated 10 years ago.
0
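
The cookie scoping rule the reply refers to, as an added example that is not part of the original thread: a simplified model of RFC 6265 domain matching, applied to the hosts from the question. The function names and the host shop.domain.com are constructed for illustration, and the public-suffix check that browsers also apply is left out.

```javascript
// Added example: simplified RFC 6265 cookie scoping (no public-suffix check).
// my.domain.com and example.com come from the question; the function names
// and shop.domain.com are hypothetical.

const isIp = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");

// RFC 6265 section 5.1.3: does `host` domain-match `domain`?
function domainMatches(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  return !isIp(host) && host.endsWith("." + domain);
}

// Storage step: a response from `requestHost` carries Set-Cookie with an
// optional Domain attribute. Returns the stored scope, or null if rejected.
function storeCookie(requestHost, domainAttr) {
  if (!domainAttr) {
    return { domain: requestHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  // The Domain attribute must cover the host that set it, else it is ignored.
  if (!domainMatches(requestHost, domain)) return null;
  return { domain, hostOnly: false };
}

// Send step: would the browser attach the stored cookie to a request for `host`?
function isSentTo(cookie, host) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? host.toLowerCase() === cookie.domain
    : domainMatches(host, cookie.domain);
}

// Constructed scenarios using the hosts from the thread.
function demo() {
  const hostOnly = storeCookie("my.domain.com", null);
  const parent = storeCookie("my.domain.com", "domain.com");
  const foreign = storeCookie("my.domain.com", "example.com");
  return {
    hostOnlyToSelf: isSentTo(hostOnly, "my.domain.com"),
    parentToSibling: isSentTo(parent, "shop.domain.com"),
    parentToOtherSite: isSentTo(parent, "example.com"),
    foreignAccepted: foreign !== null,
  };
}

console.log(demo());
```
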
