Ir al contenido principal

Ralsina.Me — El sitio web de Roberto Alsina

Mi empresa tiene una página web

Por aho­ra só­lo en es­pa­ño­l, pe­ro eso cam­bia en una se­ma­na, más o me­no­s.

Fue un tra­ba­jo in­te­re­san­te, por­que es­ta­mos usan­do tres apli­ca­cio­nes web en tres len­gua­ges (ph­p/­p­y­tho­n/­per­l) y que­ría dar­le a los usua­rios un úni­co lo­gin pa­ra las tres.

Fue un es­fuer­zo, pe­ro fué edu­ca­ti­vo :-D

En otras no­ti­cia­s, hay un li­nk "Ti­pi­t" en ca­da pos del blo­g. ¿Pa­ra qué sir­ve? Pa­ra dar­me di­ne­ro. Y sa­len lis­ta­dos co­mo "gen­te que le dió di­ne­ro a Ro­ber­to" (a­pe­nas ha­ya al­guien ;-)

Magnus Reftel / 2008-04-02 19:39:

Cool! Care to tell a bit about how you solved the multiple login issue?

Roberto Alsina / 2008-04-03 00:31:

I'll make a new post about it in a while, but here's the basic idea.

The login system I wanted to use was provided by the CMS, and worked by setting a cookie with a value you use to lookup the user on the DB, on a sessions table.

So, I wanted to use that information to login the user into the other apps.

I did it in two different ways.

In one case, I could not really modify the app, because it's written in perl.

So, I wrote two CGIs, one to login, one to logout.

The login CGI checks the CMS cookie, figures out the user, sets a cookie as the app wants it, and adds an entry on its DB (a BDB hash, really) with the information about the user.

Then it redirects the browser to the real app page.

Since for this app it seems the user is logged in already, it skips the login, and that's it.

Then catch with an apahe redirect the logout from the app, send it to the logout cgi, which removes the app's cookie and redirects to the CMS logout page.

For the other app, I could hack it (it was in python) so I did it a bit different:

I hacked the app so it would recognize the CMSs cookie instead of its own, and created a view in the CMS DB that presents the CMSs users in the way the app prefers them.

In this way, it uses exactly the same information as the frontend.

Again, I needed to catch the logout request and redirect to the CMS's logout page.

It's a bit vague, but I am a bit scared of mentioning the apps or how exactly I did it :-D

Magnus Reftel / 2008-04-04 10:43:

Well, it was clear enough that I understood you =)
This redirecting back-and-forth way seems to be how people have settled on doing SSO. I've always preferred the authenticating reverse proxy, but then again there does not seem to be a good opensource solution for it. I really should do something about that some day...


Contents © 2000-2024 Roberto Alsina