Managing and synchronising users on multiple sites

[Stodge]

I have several Django sites and I need to synchronize user accounts across them all. I need the ability to create the same user on all sites at the same time and also to keep their info in sync. The servers are in different locations in DMZs and can't open connections to external servers. So no third party access. I thought I could write a Java app that uses a REST API to query and update accounts to synchronize them but that opens a security issue as I have to expose the ability to read/write passwords. I can't think of any other solutions - any ideas? Thanks

[Gergely Polonkai]

How about an SSO solution hosted at one of the sites? When the user logs in, the site authenticates them against the SSO, and fetches user data. See Stack Exchange sites (Stack Overflow, Server Fault, etc) as an example.

On 8 Nov 2015 18:24, "Stodge" <sto...@gmail.com> wrote:

I have several Django sites and I need to synchronize user accounts across them all. I need the ability to create the same user on all sites at the same time and also to keep their info in sync. The servers are in different locations in DMZs and can't open connections to external servers. So no third party access. I thought I could write a Java app that uses a REST API to query and update accounts to synchronize them but that opens a security issue as I have to expose the ability to read/write passwords. I can't think of any other solutions - any ideas? Thanks

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/c05af7b9-965c-47d9-9106-524a1e6cd46d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Stodge]

The servers are in DMZs in different cities. I don't control the firewall configuration and I'm not allowed to open extra ports.

[Gergely Polonkai]

I meant web based SSO :) The aforementioned Stack Exchange sites work like this; when you authenticate to one of their sites, you actually authenticate to Stack Exchange, which sets a cookie that is processed by the sites. This can be done by one of the already available web servers (although a separate one would be the best)

To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/5cd372d7-9b36-4fe2-8381-dfcd69e63eba%40googlegroups.com.