I have main site example.com where users can register and login or just login with openid.
Logged in users can create their own sites with subdomains like mysite.example.com.
Every user can have multiple sites.
Every site is cakephp app.
Every cake app has its own ACL.
How do I deploy authorization so users logged in to the main site, are also logged in to their own sites.
Two main requirements here:
Client-side cookie needs to be valid for all applications
Check the cookie set by CakePHP on the client side (FireCookie is good for this). The domain part of the cookie needs to read .example.com (not www.example.com) in order for it to apply to sub-domains. This might work in bootstrap.php:
ini_set('session.cookie_domain', '.example.com');
Server-side session storage needs to be accessible by all applications
In core.php for each application, set a common session storage. Options are:
php: This will use the PHP defined session storage directory, which should be the same for all applications.
database: If all applications use the same database, this could be an option.
cake: For this to work, you would need to define a common /tmp directory for each application.
Related
I have two applications hosted on same IIS server. These applications have same users. Once authenticated, I am creating cookie using Angular like below:
$cookies.putObject(key, cookie)
I have kept the key same for both the applications.
Now, when I login to one application, this cookie gets created. But when I try to access second application, below code reads null.
$cookies.getObject(key)
Can I read this cookie from other application so that after login to one application, user need not to enter login credentials to other application.
Thanks.
you might be able use localstore to share data but its a huge security risk. I would not do it. I recommend using sessionstore instead och cookies when it comes to authentification. In your case it's be better to use some single signed on solution. Its a lot of them out there. OR: if you host both applications. Maybe you should merge the applications into one?
I need your help in this case.
Is there an easy way to share login information between two CakePHP 2.x apps on the same main domain but different sub-domain on multiple servers?
How can user logged in at A app, and B app know if a user is logged in or not.
I have two separate applications (app1 and app2 based on MEAN stack) running on my server. I want to add a new application that manages the authentication for both applications. I mean if I try to log in from app1, it redirects me to a login form in auth application, and after login I come back to the previous url in app1. After that, if I go to app2, I'm still logged in.
I'm looking to implement something like similar to the google accounts/ServiceLogin: I can log in one time, and the session remains for almost all google products.
Something important is that I use subdomains for each app: app1.mydomain.com and app2.mydomain.com.
How can I do that using node and express?
Currently I use vhost to manage each subdomain.
You're looking for a single sign on solution.
I'm only familiar with one solution that Stormpath provides, which is called 'ID site'. It's basically a hosted authentication site that handles auth for you, then passes logged in users between your subdomains.
The way it works is like this:
User visits www.yousite.com.
User clicks 'login'.
User is re-directed to login.yoursite.com.
User then logs in.
User is then redirected to dashboard.yoursite.com and is fully authenticated (SSO).
You can implement this quite easily using express-stormpath, here's the relevant docs: https://docs.stormpath.com/nodejs/express/product.html#use-hosted-login
How can I make a valid Auth session with all subdomains including www.example.com and http://example.com addresses
Now CakePHP just broke Auth session if one is created on www., and you visit the website without www.! And vice versa.
I can't use redirect to http://www.example.com if users are comming without using www., because there will be a lot of subdomains and redirect becomes not an option.
Thanks!!!
I'm not at my computer at the moment, but you might be able to override the session domain by adding this to your app/Config/bootstrap.php
ini_set("session.cookie_domain", ".example.com");
The CakePhp Session doesn't seem to have a configuration option to set this, but the standard php configuration should probably work.
Related questions can be found here;
CakePHP keep session from main domain across to a subdomain
PHP Sessions across sub domains
I've set up an AppEngine account using Google Apps Authentication and I've resigned myself to the fact that it can't be changed. But can you switch the domain that it's bound to?
UPDATE
Forgot one point. We've already added users from the new domain as AppEngine administrators and we're able to log into the AppEngine console with them. But there are certain URLs in the app itself (e.g. cron jobs/task queues) that we've restricted to access by admins only. When we try to access them, we are directed to the domain-specific AppEngine page (i.e. http://appengine.google.com/a/myolddomain.com) to log in. When I update the URL to the new domain, I can log in but then I get a page saying "The page is requesting permission to access your Google account. Select an account you would like to use." And there are no options in the list to select. I can click Continue but then I'm redirected back to the login page for the old domain again.
No. If you created an app with Google Apps authentication, it is tied to that domain to authenticate against forever. This only matters if you're using the Users API, of course.
Yes you can switch to another domain. App Engine is a service in your apps domain. Because it is a service, I think you can add the same appspot service to multiple apps domains.