[wp-hackers] Single sign-on SSL domain

Scot Hacker shacker at birdhouse.org
Wed Jul 22 22:00:04 UTC 2009


I'm in a situation where all WP logins will need to go SSL. We have a  
lot of domains but not a lot of IP addresses to go around.  
Historically all of our domains have been vhosts on a single server.  
But since SSL requires one IP per domain, we're kind of stuck.

Two possibilities we're considering:

1) Require all logins to be OpenID, pushing the login process off to  
another server so we don't have to worry about it. The challenge here  
is that the existing OpenID plugin for WP does not provide a way to  
*force* OpenID logins. Submitted a ticket to that project asking for  
the feature, but no response in two weeks.

2) Somehow configure apache to route login requests to a central  
domain for sign-in. So:

ssldomain.edu  <-- has cert

Attempting to log in at domain.org would pass the user to  
ssldomain.edu for authentication and then back to domain.org. I  
believe I can use an apache Alias system so that the user would really  
be at ssldomain.edu/domain.org but would appear to be at domain.org.  
Has anyone tried something like this? Tricky? Successful? Pitfalls?  
Recipes to share? What would need to happen on the WP side to work  
with a system like this? Is it even possible?

3) Other... ?

Thanks for any suggestions.

Scot



More information about the wp-hackers mailing list