Single Sign-on for two rails app

Hello Everybody,

I have two rails app. Both have login pages for user authentication. The
two apps have links to one another. Now what i need is when a user logs
in to one app, he should not be again asked for login when he clicks the
link for second app.

Please tell me how to go on?

Thanks in advance,
Ak

Someone correct me if I’m wrong, but I don’t think you can use
standard cookies across domains.

Have you thought about using OpenID’s? There are some really good
OpenID gems.

If these apps are going to be used in a workplace or similar scenario,
you could try to use LDAP or AD…I know there are some gems to help
with this.

On Jul 15, 6:19 am, Arun K. [email protected]

p_W wrote:

Someone correct me if I’m wrong, but I don’t think you can use
standard cookies across domains.

He didn’t say the apps were on separate domains.

Have you thought about using OpenID’s? There are some really good
OpenID gems.

Sure, but this will not get around the cross-domain cookie issue. If
the apps are on separate domains, the user will still have to enter his
OpenID twice.

If these apps are going to be used in a workplace or similar scenario,
you could try to use LDAP or AD…I know there are some gems to help
with this.

Again, I don’t think this would help authenticate to multiple apps.
There may be other good reasons to use these methods of authentication,
but they do not address the OP’s issue.

Best,

Marnen Laibow-Koser
http://www.marnen.org
[email protected]

AD (at least) can be used on other platforms to automatically
authenticate a connection w/out prompting the user for credentials. If
RoR could use it that way it would amount to single-sign-on I think.

Can RoR & its typical deployment stack not use AD like that?

(I’m seriously asking, in case that’s not apparent…)

The Most suitable solution would be to develop a Web Service in Rails
and use it for authentication.

This WS can be used even for your future projects.

Correct me if I am wrong.

p_W wrote:

Someone correct me if I’m wrong, but I don’t think you can use
standard cookies across domains.

Both the applications are on the same domain. I found out a solution-
Rubycas server ( Google Code Archive - Long-term storage for Google Code Project Hosting. ) which could
do this job…
But i dont want a third party server to authenticate the user.

So is there any other solution?

Thanks in advance,
Ak

Have you thought about using OpenID’s? There are some really good
OpenID gems.

If these apps are going to be used in a workplace or similar scenario,
you could try to use LDAP or AD…I know there are some gems to help
with this.

On Jul 15, 6:19�am, Arun K. [email protected]

Hi Arun,

On Jul 15, 11:19 am, Arun K. [email protected]
wrote:

I have two rails app. Both have login pages for user authentication. The
two apps have links to one another. Now what i need is when a user logs
in to one app, he should not be again asked for login when he clicks the
link for second app.

My situation is slightly different but hopefully applicable to you. I
have two apps that require a login and have created a third Rails app
that servers as a single sign-on and user management system. The sign-
in process goes roughly like this:

1. Each user (and directly related entities) has a UUID so that
   multiple DBs can be synchronised.

2. User enters credentials into SSO app, signs-in, it displays a page
   with links to both apps. The links are to session creation actions on
   the other apps and contain the user UUID and a hash of several user
   attributes including a nonce (one time random token).

3. Using ActiveResource the remote app calls back to the SSO app to
   authenticate the UUID and hash and returns the user object (as XML)
   which is synchronised into the remote app’s DB. The nonce stored on
   the SSO users table is reset so links only work once (stops replay
   attacks).

The internal authentication system should be restricted by IP address
or similar to your own apps.

Hope that helps,
Andrew