
We are trying to implement single sign-on across multiple domains, but using the same web application under IIS. We have checked some solutions like SAML and OAuth; however, we are not sure we need either of these two. We don't know how we could share the cookie across the domains. I don't think it's possible, but correct me if I'm wrong.

We have looked at Google's solution: when you go to YouTube and you are authenticated with your Google account, it pulls out your username and your info. But we have no idea how they do this, because it's another domain, so the cookie should not travel to YouTube. If you have any suggestions on how to do this, they are more than welcome.

ryudice
  • Did you try ASP.NET Single Sign On? http://stackoverflow.com/questions/3597294/asp-net-mvc-single-sign-on-and-roles – balexandre Jul 04 '12 at 17:41
  • That's for subdomains, I'm using two different domains, so there is no way to reuse the cookie, as the guy in that post does. – ryudice Jul 04 '12 at 17:45
  • How does the user navigate between SiteA and SiteB? Do you have control over that (by using links for example) or an authenticated user on SiteA (that hasn't visited SiteB yet) could type the url of SiteB directly in his browser bar and he needs to automatically be logged on SiteB? If you have control over the navigation then there's a very easy way to achieve that. If you don't have control and need to support the scenario I described you will have to look at more advanced SSO protocols. – Darin Dimitrov Jul 04 '12 at 17:47
  • The idea is that when the user just moves to the other site by typing the URL in the browser, it should be logged in to the other site too. – ryudice Jul 04 '12 at 17:50
  • Alright, it's gonna be tough then :-) Be prepared to suffer and read a lot of documentation, specifications and protocols. – Darin Dimitrov Jul 04 '12 at 17:50
  • You've already mentioned some of the solutions in your question, except that you overruled them as something that you were not sure you're gonna need. OAuth is one way of achieving this task. – Darin Dimitrov Jul 04 '12 at 17:55
  • Well, I discarded OAuth because its usage is primarily APIs. I don't know about SAML; I'm new to it, and from what I have read so far it looks very complex. I thought there might exist an easier way. Would you recommend OAuth or SAML? – ryudice Jul 04 '12 at 17:57

1 Answer

You may take a look at the following blog post in which Jeff Atwood explains the mechanism used by the StackExchange network to support cross domain single-sign-on relying on HTML5 Local Storage. And here are some more technical details.

Darin Dimitrov
  • How can we link the users table for multiple domains and multiple databases? [Here](http://stackoverflow.com/questions/37455622/design-users-table-for-single-sign-on-to-use-across-sub-domains) is my question. Thank you. – Shaiju T Jun 21 '16 at 06:50