Best Practices for Multiple site One login


Mitchell Gould

Feb 9, 2011, 4:29:24 AM
to rubyonra...@googlegroups.com
Hi,
I am developing a series of sites with similar themes. As such I would
like to give the user access to all of the sites once they have
registered with any one of the sites.

What are the pitfalls and best practices for this in Rails?


Thank you in advance.

Mitch


Jaymin Shah

Feb 9, 2011, 4:41:00 AM
to rubyonra...@googlegroups.com
I would suggest exploring OpenID implementation.

regards,
Jaymin




Mitchell Gould

Feb 9, 2011, 5:26:19 AM
to rubyonra...@googlegroups.com
Jaymin Shah wrote in post #980516:

> I would suggest exploring OpenID implementation.
>
> regards,
> Jaymin

Thanks Jaymin, I will check it out now.

Phoenix Rising

Feb 9, 2011, 5:43:14 AM
to Ruby on Rails: Talk
There are a couple ways you can go. If you're in a corporate
environment (as I was when I last did something like this), you may
want to integrate with an LDAP server of some kind (in my case it was
ActiveDirectory 2008). You'd then authenticate your users through
that LDAP server across all the sites you're running. You can even
set this kind of configuration up outside of a corporate environment -
having your own LDAP server (OpenLDAP is a damn sight cheaper than
ActiveDirectory though!). Just make sure that if you do it this way,
you set up your LDAP server to be inaccessible from the outside world
as a security precaution.

Another possible route, similar to what Jaymin mentioned above, would
be using something like the Omniauth gem to allow users to
authenticate with their Google, Twitter, Facebook <whatever else>
accounts. Ryan Bates over at railscasts.com has several great
screencasts on omniauth, and I strongly encourage you to check them
out!

If you really (and I mean reeeeeeeaaaaaaly) want to roll your own, you
could. You could set up a RESTful service that would communicate with
your three apps and allow them to authenticate a user or not.

I'd recommend against rolling your own simply because when you do
that, you run the risk of overlooking a few details that could open
your app up to various hacks (think weak encryption ciphers, broken
session handling, etc.), and the open source projects already out
there have had a lot more eyes look at their code to make sure it
doesn't have any gaping holes in it than anything you could roll on
your own without open sourcing it and lots of scrutiny. Besides, why
do the work when you can have somebody else do it? :-)

There are a lot of different ways to go about it, but those are a few
options for you to take a look at! Good luck!
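
The post above warns that a hand-rolled login service tends to get details such as session handling and cipher choice wrong. As an added illustration (not code from the thread or from any gem named in it), this Ruby sketch shows the checks each consumer site would have to make on a login ticket from the central service; the `SsoTicket` module, the ticket layout and the 60-second lifetime are assumptions made for this example.

```ruby
require "openssl"
require "json"

# Hypothetical module: ticket = base64(JSON claims) + "." + HMAC-SHA256 hex.
module SsoTicket
  MAX_AGE = 60 # seconds a ticket stays valid (assumed), limits replay

  # Central login service: issue a ticket bound to one consumer site.
  def self.issue(secret, user_id, audience, now: Time.now.to_i)
    claims = JSON.generate("uid" => user_id, "aud" => audience, "iat" => now)
    payload = [claims].pack("m0") # strict base64, never contains "."
    "#{payload}.#{sign(secret, payload)}"
  end

  # Consumer site: returns the user id, or nil for any invalid ticket.
  def self.verify(secret, ticket, audience, now: Time.now.to_i)
    payload, mac = ticket.to_s.split(".", 2)
    return nil if payload.nil? || mac.nil?
    # Check the MAC before parsing anything the sender controls.
    return nil unless secure_compare(sign(secret, payload), mac)
    claims = JSON.parse(payload.unpack("m0").first)
    return nil unless claims["aud"] == audience # issued for another site
    age = now - claims["iat"].to_i
    return nil unless age.between?(0, MAX_AGE)  # expired or from the future
    claims["uid"]
  rescue ArgumentError, JSON::ParserError
    nil
  end

  def self.sign(secret, data)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), secret, data)
  end

  # Constant-time comparison so the MAC cannot be recovered byte by byte.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end
```

Even this much leaves out key rotation, one-time use of tickets and logout across sites, which is the kind of ground the existing projects recommended in this thread already cover.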

Mauro

Feb 9, 2011, 6:14:52 AM
to rubyonra...@googlegroups.com
On 9 February 2011 09:29, Mitchell Gould <li...@ruby-forum.com> wrote:
> Hi,
> I am developing a series of sites with similar themes. As such I would
> like to give the user access to all of the sites once they have
> registered with any one of the sites.
>
> What are the pitfalls and best practices for this in Rails.

We do it using OpenLDAP, a CAS server and rubycas-client.

Patrick Robertson

Feb 9, 2011, 6:35:42 AM
to rubyonra...@googlegroups.com
I'd suggest creating an OAuth provider application for your SSO needs and then have each app for the SSO be a consumer: http://www.railsatwork.com/2010/10/implementing-oauth-provider-part-1.html

It's how 37signals handles SSO across their products and I think it works out pretty well.

-Patrick Robertson

alexey.Creopolis

Feb 10, 2011, 6:15:03 AM
to Ruby on Rails: Talk
We used http://code.google.com/p/rubycas-server/
Excellent stuff if you don't want to mess (not really much work) with
OpenID or similar.

Matt Jones

Oct 2, 2012, 8:18:06 AM
to rubyonra...@googlegroups.com


On Monday, 1 October 2012 05:42:13 UTC-4, thansika malar wrote:

> Loginbuilder.com offers Single Sign On (SSO) service for multiple website owners. Make use of this service to give your users share one login to use all your websites. User details maintenance is made easier here.


Next time you want to spam old threads with ads for your login service, at least check to see if the list focuses on the same technology as your service (PHP).

--Matt Jones
 