Single signon on different 3rd levels domains

kante

Can you suggest me any tutorial about how to implement a single signon
system

having different domain like:
mydomain.com
sub01.mydomain.com
sub02.mydomain.com
sub03.mydomain.com

I imagine that there will be a slightly different method if i want to apply the same for
different TLDs

mydomain.com , mydomain.eu , mydomain.uk .... etc?

Thanks

Derokorian

Well to support sub-domain you would want to set the cookie domain to .mydomain.com as opposed to mydomain.com or sub.mydomain.com the leading . allows any subdomain to work.

As for different TLDs I have no idea how to help you on that one, sorry!

bradgrafelman

As for the differing TLDs, one method might be to come up with a way to securely encrypt (2-way encryption, mind you, such as a public-key cryptographic algorithm.. RSA comes to mind) the username/password combination used to log in to the first domain.

Then, you could include a hidden image or simply do a redirect to the second domain with the encrypted data in the URL, e.g.:

domain2.com/login.php?data=123456789abcdef

The "login.php" script on that domain could then decrypt the cyphertext, validate the credentials, and, pending successful authentication, set a cookie for that domain.

NogDog

For different TLD's, you could look into simpleSAMLphp as a pretty robust solution.