Single Sign On for Web Services

Posted By:   Andreas_Bergmann
Posted On:   Monday, February 11, 2002 04:21 AM

I am busy trying to implement a single sign on login server for a web services project I'm currently working on. Does anyone have any suggestions as to where I can start?
Are there some white papers?
Or better yet, does someone have a rough implementation plan that indicates the classes used and applications used etc.? Thanks.

Re: Single Sign On for Web Services

Posted By:   roy_ngan  
Posted On:   Tuesday, March 26, 2002 08:49 PM

I just have an idea on how to implement a single sign on. But I'm not sure whether it will have any problems.


Assume the requirement is that when the user has logged in to site A, he does not need to log in to site B anymore. And A and B can share a common database.

The scenario is :

1. User logs in to A.

2. A writes the user ID and a random key into the DB.

3. A writes the user ID and the key in a cookie, and the cookie is made available to B.

4. When the user goes to B, B checks that it has a user ID and key in the cookie. Then B checks whether the user ID and key exist in the DB.

5. If the DB record exists, B allows the user to log in.

6. When the user logs out from either A or B, the DB record is removed.


Does anyone see any security flaws here?


Roy
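
The six steps in the post above, as an added Python example that is not part of the original thread or written by either poster. It assumes an in-memory SQLite table standing in for the shared database, and it adds three things the post does not specify: a key drawn from a CSPRNG, storage of only a SHA-256 hash of the key, and an expiry time. All function and table names are hypothetical.

```python
import hashlib, hmac, secrets, sqlite3, time

TTL_SECONDS = 1800  # assumed session lifetime; the post sets no expiry

def open_shared_db():
    # Stand-in for the database that sites A and B share.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sso (user_id TEXT, key_hash TEXT, expires REAL)")
    return db

def _digest(key):
    return hashlib.sha256(key.encode()).hexdigest()

def site_a_login(db, user_id, now=None):
    """Steps 2-3: record the login and return the cookie value for B."""
    now = time.time() if now is None else now
    key = secrets.token_urlsafe(32)  # unpredictable key from the OS CSPRNG
    db.execute("INSERT INTO sso VALUES (?, ?, ?)",
               (user_id, _digest(key), now + TTL_SECONDS))
    return f"{user_id}:{key}"

def site_b_check(db, cookie, now=None):
    """Steps 4-5: return the user ID if the cookie matches a live record."""
    now = time.time() if now is None else now
    user_id, sep, key = cookie.rpartition(":")
    if not sep or not user_id or not key:
        return None  # malformed cookie
    rows = db.execute(
        "SELECT key_hash FROM sso WHERE user_id = ? AND expires > ?",
        (user_id, now)).fetchall()
    for (key_hash,) in rows:
        # Constant-time comparison of the stored and presented key hashes.
        if hmac.compare_digest(key_hash, _digest(key)):
            return user_id
    return None

def logout(db, user_id):
    """Step 6: either site deletes the record, ending the session on both."""
    db.execute("DELETE FROM sso WHERE user_id = ?", (user_id,))

if __name__ == "__main__":
    db = open_shared_db()
    cookie = site_a_login(db, "alice")  # constructed sample user
    print(site_b_check(db, cookie))
    logout(db, "alice")
    print(site_b_check(db, cookie))
```

Because only a hash of the key is stored, reading the shared table does not yield usable cookie values. In a deployment the cookie itself would also carry the `Secure` and `HttpOnly` attributes.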
