Hello Everybody,

I have two Rails apps. Both have login pages for user authentication. The two apps have links to one another. Now what I need is when a user logs in to one app, he should not be again asked for login when he clicks the link for the second app.

Please tell me how to go on?

Thanks in advance,
Ak
--
Posted via http://www.ruby-forum.com/.

Someone correct me if I'm wrong, but I don't think you can use standard cookies across domains.

Have you thought about using OpenID's? There are some really good OpenID gems.

If these apps are going to be used in a workplace or similar scenario, you could try to use LDAP or AD... I know there are some gems to help with this.

On Jul 15, 6:19 am, Arun Kumar <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
> Hello Everybody,
>
> I have two rails app. Both have login pages for user authentication. The
> two apps have links to one another. Now what i need is when a user logs
> in to one app, he should not be again asked for login when he clicks the
> link for second app.
>
> Please tell me how to go on?
>
> Thanks in advance,
> Ak

p_W wrote:
> Someone correct me if I'm wrong, but I don't think you can use
> standard cookies across domains.

He didn't say the apps were on separate domains.

> Have you thought about using OpenID's? There are some really good
> OpenID gems.

Sure, but this will not get around the cross-domain cookie issue. If the apps are on separate domains, the user will still have to enter his OpenID twice.

> If these apps are going to be used in a workplace or similar scenario,
> you could try to use LDAP or AD...I know there are some gems to help
> with this.

Again, I don't think this would help authenticate to multiple apps. There may be other good reasons to use these methods of authentication, but they do not address the OP's issue.

Best,
--
Marnen Laibow-Koser
http://www.marnen.org
marnen-sbuyVjPbboAdnm+yROfE0A@public.gmane.org

AD (at least) can be used on other platforms to automatically authenticate a connection w/out prompting the user for credentials. If RoR could use it that way it would amount to single-sign-on I think.

Can RoR & its typical deployment stack not use AD like that? (I'm seriously asking, in case that's not apparent...)

-----Original Message-----
From: rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org [mailto:rubyonrails-talk@googlegroups.com] On Behalf Of Marnen Laibow-Koser
Sent: Wednesday, July 15, 2009 8:06 AM
To: rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
Subject: [Rails] Re: Single Sign-on for two rails app

p_W wrote:
> Someone correct me if I'm wrong, but I don't think you can use
> standard cookies across domains.

He didn't say the apps were on separate domains.

> Have you thought about using OpenID's? There are some really good
> OpenID gems.

Sure, but this will not get around the cross-domain cookie issue. If the apps are on separate domains, the user will still have to enter his OpenID twice.

> If these apps are going to be used in a workplace or similar scenario,
> you could try to use LDAP or AD...I know there are some gems to help
> with this.

Again, I don't think this would help authenticate to multiple apps. There may be other good reasons to use these methods of authentication, but they do not address the OP's issue.

Best,
--
Marnen Laibow-Koser
http://www.marnen.org
marnen-sbuyVjPbboAdnm+yROfE0A@public.gmane.org

p_W wrote:
> Someone correct me if I'm wrong, but I don't think you can use
> standard cookies across domains.

Both the applications are on the same domain. I found out a solution: Rubycas server ( http://code.google.com/p/rubycas-server/ ), which could do this job... But I don't want a third party server to authenticate the user. So is there any other solution?

Thanks in advance,
Ak

> Have you thought about using OpenID's? There are some really good
> OpenID gems.
>
> If these apps are going to be used in a workplace or similar scenario,
> you could try to use LDAP or AD...I know there are some gems to help
> with this.
>
>
> On Jul 15, 6:19 am, Arun Kumar <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org>

The most suitable solution would be to develop a Web Service in Rails and use it for authentication. This WS can be used even for your future projects. Correct me if I am wrong.

Hi Arun,

On Jul 15, 11:19 am, Arun Kumar <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
> I have two rails app. Both have login pages for user authentication. The
> two apps have links to one another. Now what i need is when a user logs
> in to one app, he should not be again asked for login when he clicks the
> link for second app.

My situation is slightly different but hopefully applicable to you. I have two apps that require a login and have created a third Rails app that serves as a single sign-on and user management system. The sign-in process goes roughly like this:

1. Each user (and directly related entities) has a UUID so that multiple DBs can be synchronised.
2. User enters credentials into SSO app, signs in, it displays a page with links to both apps. The links are to session creation actions on the other apps and contain the user UUID and a hash of several user attributes including a nonce (one time random token).
3. Using ActiveResource the remote app calls back to the SSO app to authenticate the UUID and hash and returns the user object (as XML) which is synchronised into the remote app's DB. The nonce stored on the SSO users table is reset so links only work once (stops replay attacks).

The internal authentication system should be restricted by IP address or similar to your own apps.

Hope that helps,

Andrew
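
The three-step flow in the post above, as an added Ruby example (not code from the post or from the poster's apps). Assumptions: the unspecified "hash" is implemented as HMAC-SHA256 under a secret held by the SSO app, an in-memory Hash stands in for the SSO users table, a direct method call stands in for the ActiveResource callback, and all class and method names are hypothetical.

```ruby
require 'openssl'
require 'securerandom'

# Stand-in for the SSO app; @users plays the role of its users table (constructed data).
class SsoApp
  def initialize(secret)
    @secret = secret  # HMAC key known only to the SSO app (assumption)
    @users = {}       # uuid => { email:, nonce: }
  end

  def add_user(email)
    uuid = SecureRandom.uuid
    @users[uuid] = { email: email, nonce: nil }
    uuid
  end

  # Step 2: after sign-in, mint the parameters for a one-time link to a remote app.
  def issue_link_params(uuid)
    user = @users.fetch(uuid)
    user[:nonce] = SecureRandom.hex(16)
    { uuid: uuid, hash: digest(uuid, user) }
  end

  # Step 3: callback from the remote app. Returns the user record, or nil on failure.
  def authenticate(uuid, hash)
    user = @users[uuid]
    return nil if user.nil? || user[:nonce].nil?
    return nil unless secure_equal?(digest(uuid, user), hash.to_s)
    user[:nonce] = nil # consume the nonce so a replayed link is rejected
    { uuid: uuid, email: user[:email] }
  end

  private
  def digest(uuid, user)
    OpenSSL::HMAC.hexdigest('SHA256', @secret, [uuid, user[:email], user[:nonce]].join("\n"))
  end

  # Compare without an early exit so timing does not leak how many characters matched.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Remote app's session-creation action; the method call stands in for the ActiveResource callback.
def create_remote_session(sso, params)
  user = sso.authenticate(params[:uuid], params[:hash])
  user && { user_uuid: user[:uuid], email: user[:email] }
end
```

Here a failed check leaves the nonce in place and only a successful one consumes it, so a forged request cannot invalidate a link the user has not clicked yet.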