Transparent Single Sign On across multiple websites
I have a network of sites. Some of them as subdomains and other as domains. I want to create a central login place for all my users like http://login.example.com/ where they can log in. I have a sign in link on all the sites which the user can click to sign in. If they sign in once, they should be transparently logged in to all all other sites as well. I would also want to get them logged off the entire network if they log off on one site I do not want to send them back to http://login.example.com/ when they go to a different site of the network. Is it possible to implement this? Can oAuth or OpenId help me with this? How can I implement such a solution referably in Python using Django? Is it possible to implement t开发者_运维百科his securely without using SSL?
Here's one example of how this can work. When a Wikipedia (en.wikipedia.org) editor logs in, images are loaded from Wikipedia's sister sites such as Wiktionary (en.wiktionary.org), Wikinews (en.wikinews.org), and others. The images' URLs contain query strings as tokens that prove that the user is logged in, and that way, the server can set cookies on all the main domains that it needs to (working like ad networks' user tracking).
Create an account on Wikipedia if you want to see it in action. Hint: Wikipedia has many different sites for different languages, but it only has to set one cookie for itself because all of the different languages are subdomains under the same domain (wikipedia.org).
When the user has successfully logged in, put auto-sending forms which login him on all the other sites that target iframes on the page he sees next. Alternatively, if a session-id is valid across all domains, put images on the page he sees next that point to URLs like "domain5.example.org/setcookie?cookie=65277af767fea" which return Set-Cookie-headers.
精彩评论