[wp-hackers] Single sign-on SSL domain

Glenn Ansley glenn at glennansley.com
Thu Jul 23 13:53:57 UTC 2009


If this problem was tasked to me, I would probably explore using the
CUSTOM_USER_TABLE and CUSTOM_USER_META_TABLE constants [1] along with
the SET_COOKIE_DOMAIN constant [2].

If all your installs have access to the same MySQL server, the user
tables won't be a problem. The COOKIES shouldn't be a problem either.
A user is deemed logged in or not logged in based on COOKIES. You
would just have to make sure that a) your authentication blog set the
COOKIE correctly, b) that your other blogs looked for the correct COOKIE
to determine whether or not the user was logged in and c) all your
salts were set the same across all blogs [3].

FullThrottle recently did something very similar for a client and
documented it on our blog [4]. We weren't using SSL to login... but
that shouldn't matter since you will only be handling logins from one
blog.

Bonus points: On all your actual blogs, redirect any requests for the
login page to your SSL login along with a referral query. Then send
them back after they're logged in via the SSL blog.

I'm sure there are some hurdles to jump there as I've never done this
exact thing, but that's how I would proceed.

[1] http://codex.wordpress.org/Editing_wp-config.php#Custom_User_and_Usermeta_Tables
[2] http://codex.wordpress.org/Editing_wp-config.php#Set_Cookie_Domain
[3] http://codex.wordpress.org/Editing_wp-config.php#Security_Keys
[4] http://fullthrottledevelopment.com/setting-a-single-login-across-wp-wpmu

Glenn Ansley
Owner / Developer | FullThrottle Development, LLC
http://fullthrottledevelopment.com
http://twitter.com/full_throttle
(919) 522-1532



On Thu, Jul 23, 2009 at 5:19 AM, Eric Marden <wp at xentek.net> wrote:
> Check out startssl.com for cheaper certs (including standard ones for free).
> You'll need to jump through a few hoops, and know how to use a Client
> certificate to authenticate to the site. It's easy once you do it once.
>
> In addition if you have the ability to configure your server(s) more
> directly, you may also be able to set up a reverse proxy to handle your SSL
> across your sites:
> http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate
>
> -e
>
> - Eric Marden
> __________________________________
> http://xentek.net/code/wordpress/
>
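
Added example, not part of the original message or of FullThrottle's code: a consistency check for points a) to c) above, comparing the constants that every install must share before one login cookie is accepted everywhere. It assumes the cookie domain constant is COOKIE_DOMAIN (the name used in the linked Codex section), that COOKIEHASH is set explicitly in each wp-config.php, and that the security keys are the four `*_KEY` constants; the sample configs are constructed.

```python
import re

# Constants that must be identical on every install. COOKIE_DOMAIN and
# COOKIEHASH are assumed names (see lead-in); the *_KEY names are the
# wp-config.php security keys the message calls "salts".
SHARED = ["CUSTOM_USER_TABLE", "CUSTOM_USER_META_TABLE", "COOKIE_DOMAIN",
          "COOKIEHASH", "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY"]

DEFINE_RE = re.compile(r"""define\(\s*(['"])(\w+)\1\s*,\s*(['"])(.*?)\3\s*\)\s*;""")

def parse_defines(text):
    """Return {name: value} for string-literal define() calls, ignoring comments."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)          # block comments
    text = re.sub(r"^\s*(//|#).*$", "", text, flags=re.M)      # whole-line comments
    return {m.group(2): m.group(4) for m in DEFINE_RE.finditer(text)}

def audit(configs):
    """configs: {site: wp-config.php text}. Return {constant: problem}."""
    parsed = {site: parse_defines(text) for site, text in configs.items()}
    problems = {}
    for name in SHARED:
        values = {site: defs.get(name) for site, defs in parsed.items()}
        missing = sorted(site for site, v in values.items() if v is None)
        if missing:
            problems[name] = "missing on " + ", ".join(missing)
        elif len(set(values.values())) > 1:
            # Report the mismatch only; key values are secrets and are never printed.
            problems[name] = "differs between installs"
    return problems

def sample(**override):
    """Build a constructed wp-config.php fragment (not from a real site)."""
    base = {n: "constructed-" + n.lower() for n in SHARED}
    base.update(COOKIE_DOMAIN=".example.com", CUSTOM_USER_TABLE="wp_users",
                CUSTOM_USER_META_TABLE="wp_usermeta")
    base.update(override)
    return "<?php\n" + "".join("define('%s', '%s');\n" % kv
                               for kv in base.items() if kv[1] is not None)

# Constructed input: one login blog and two content blogs, one misconfigured.
CONFIGS = {
    "login": sample(),
    "blog-a": sample(),
    "blog-b": sample(LOGGED_IN_KEY="constructed-other", COOKIEHASH=None),
}

if __name__ == "__main__":
    for name, problem in audit(CONFIGS).items():
        print(name + ": " + problem)
```
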