
Ralsina.Me — Roberto Alsina's website

My company has a website now

And you can see it atmanagers.

It's Spanish only right now, but that will change in a week or so.

It was an interesting job, because we are using three web apps written in three different languages (PHP/Python/Perl) and I wanted to provide our customers with a single login for all three.

It was a bit of effort, but educational :-D

In other news, there is now a "Tipit" link on each post. What's that for? Well, you can use it to give me money. You get to be listed as "guy that gave Roberto money", too (as soon as there is one ;-).

Magnus Reftel / 2008-04-02 19:39:

Cool! Care to tell a bit about how you solved the multiple login issue?

Roberto Alsina / 2008-04-03 00:31:

I'll make a new post about it in a while, but here's the basic idea.

The login system I wanted to use was provided by the CMS, and worked by setting a cookie with a value you use to look up the user on the DB, on a sessions table.

So, I wanted to use that information to log the user in to the other apps.

I did it in two different ways.

In one case, I could not really modify the app, because it's written in Perl.

So, I wrote two CGIs, one to login, one to logout.

The login CGI checks the CMS cookie, figures out the user, sets a cookie as the app wants it, and adds an entry on its DB (a BDB hash, really) with the information about the user.

Then it redirects the browser to the real app page.

Since for this app it seems the user is logged in already, it skips the login, and that's it.

Then catch with an Apache redirect the logout from the app, send it to the logout CGI, which removes the app's cookie and redirects to the CMS logout page.

For the other app, I could hack it (it was in Python) so I did it a bit differently:

I hacked the app so it would recognize the CMS's cookie instead of its own, and created a view in the CMS DB that presents the CMS's users in the way the app prefers them.

In this way, it uses exactly the same information as the frontend.

Again, I needed to catch the logout request and redirect to the CMS's logout page.

It's a bit vague, but I am a bit scared of mentioning the apps or how exactly I did it :-D
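The login and logout bridge described in the comment above, as an added example that is not the commenter's code: an in-memory SQLite table stands in for the CMS sessions table and a dict for the app's BDB hash. Cookie names, table layout and URLs are assumptions, and the sample sessions are constructed.

```python
import secrets
import sqlite3
import time
from http.cookies import SimpleCookie

# All names below (cookie names, table layout, URLs) are assumptions for illustration.
CMS_COOKIE, APP_COOKIE = "cms_sid", "app_sid"
APP_URL, CMS_LOGIN_URL, CMS_LOGOUT_URL = "/app/", "/cms/login", "/cms/logout"

def _cookie_value(header, name):
    jar = SimpleCookie()
    jar.load(header or "")
    return jar[name].value if name in jar else None

def _set_cookie(name, value, max_age):
    c = SimpleCookie()
    c[name] = value
    c[name].update({"path": "/app/", "httponly": True, "secure": True,
                    "samesite": "Lax", "max-age": max_age})
    return ("Set-Cookie", c[name].OutputString())

def bridge_login(cookie_header, cms_db, app_sessions, now=None):
    """Login CGI: map a valid CMS session to a fresh session in the app's own store."""
    now = time.time() if now is None else now
    sid = _cookie_value(cookie_header, CMS_COOKIE)
    row = cms_db.execute(  # parameterized: the cookie value is untrusted input
        "SELECT username, expires FROM sessions WHERE sid = ?", (sid,)).fetchone()
    if row is None or row[1] <= now:
        return 302, [("Location", CMS_LOGIN_URL)]  # unknown or expired: no app session
    app_sid = secrets.token_urlsafe(32)  # new random id; never reuse the CMS value
    ttl = int(row[1] - now)  # the app session never outlives the CMS session
    app_sessions[app_sid] = {"user": row[0], "expires": row[1]}
    return 302, [_set_cookie(APP_COOKIE, app_sid, ttl), ("Location", APP_URL)]

def bridge_logout(cookie_header, app_sessions):
    """Logout CGI: drop the app session server-side, expire its cookie, go to CMS logout."""
    app_sessions.pop(_cookie_value(cookie_header, APP_COOKIE), None)
    return 302, [_set_cookie(APP_COOKIE, "", 0), ("Location", CMS_LOGOUT_URL)]

def demo_db():
    """Constructed sample data: one live and one expired CMS session."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (sid TEXT PRIMARY KEY, username TEXT, expires REAL)")
    db.executemany("INSERT INTO sessions VALUES (?, ?, ?)",
                   [("live-token", "alice", 2000.0), ("old-token", "bob", 500.0)])
    return db
```

Both redirect targets are fixed constants rather than request parameters, so the bridge cannot be turned into an open redirect.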

Magnus Reftel / 2008-04-04 10:43:

Well, it was clear enough that I understood you =)
This redirecting back-and-forth way seems to be how people have settled on doing SSO. I've always preferred the authenticating reverse proxy, but then again there does not seem to be a good open source solution for it. I really should do something about that some day...

Contents © 2000-2024 Roberto Alsina