I’ve chosen to have multiple applications (each with its own subdomain)
with one database and am using LoginEngine for my authentication.
I’ve also added this technique for persisting logons, but am using LE’s
security_token instead of making a new field in the User model:
http://www.turnofthecrank.com/2006/03/08/how-to-persist-rails-sessions-via-cookies-using-the-login-engine-plugin/
How are people using LE for single-sign-on in this manner?
-
I’ve tried writing out the login cookie w/ the :domain set to the full
domain (e.g., :domain => ‘.mysite.com’), but can’t seem to read the
cookie back in on refresh. -
Also, are people duplicating the LE code across the different apps? Or
are people having a separate subdomain/application to handle logins,
like what is recommended here (though with a bit of extra work):
http://poocs.net/2005/10/2/multi-domain-single-signon
Thoughts? Discussions? Single sign-on seems ripe for a well documented,
possible plugin-based solution. Or maybe just some features added to
LE?
thx,
–dwf