Joomla 1.5 - Single Sign-on (SSO) issue (multisites)

[przemko]

Hello,

I have an issue that I would like to resolve, but I don't really know how to do it. As far as I know the issue (or rather its resolution) is called Single Sign-on.
I have 3 joomla sites. I'm using a plug-in that authorizes users basing on username and password stored in external database. This solves the problem of having 3 user databases and allows me to have only one database. But my users still have to log-in to SiteA then if they navigate to SiteB they have to log-in once again. After they navigate to SiteC they must log-in for the third time.
I would like users authorized in SiteA and passing from SiteA to SiteB to be automatically authorized in SiteB (and vice versa). The same with navigation to SiteC. Could anyone tell me how can I do this?
Probably I should mention that I have only virtual host on an ISP server, so I can't install/modify the system.

cheers!
PK

[przemko]

I can't belive nobody knows the answer...

Anyone?

[WO-Jacob]

basically, the way I see it working is this:

You will need to create an extension. It may be able to be done with a plugin, but I think it will likely need to be a component, though I'm not sure.

The easiest route, and this is not secure by any means, so you'll want to get creative, is to use the user id.

When you link from one site to another, you would link like:

http://www.othersite.com/index.php?opti ... 32kjhdssd=

redirect_to is going to be a base64 hash of the url to send them to after the login is processed.

Granted, using the ID like this is a /bad/ idea, as someone could manually change that, but perhaps you could do a little encryption with mcrypt, and make the likelihood of abuse much less likely.

What would be even better is if you created a 2nd shared db table, and on login, generated a random string that would be used for passing that authentication.

I hope this helps. Perhaps I'll look at this as an idea for an extension to make when I'm done with the current one.

[przemko]

Thanks for the idea. I think this way we can achieve the goal, but the url will be "dirty". This is what I don't like in this idea.

Yesterday evening I found something that is "almost" solving the problem:
I wrote a plugin which is launched by event: "onAfterInitialise". This plugin is creating session for a user. This solution works perfectly if I hardcode the username or userid at the beginning of the plugin. What left to do is: somehow retrieve the userid or username from the client instead of hardcoding it. Unfortunately I have no idea how client's browser could give me these data while I'm switching from siteA.com to siteB.com.
I was trying to set-up and use _SERVER['REMOTE_USER'], but it seems that Joomla is reseting this variable each time a page is being reloaded.
I need an idea how to solve this

[chaz_winter]

I too am working on this issue.

I've two sites Joomla 1.5.4 sites ( ex. http://domain.com & https://secure.domain.com ) that run off the same database. The sites are identical and I'm only using the https:// mirror to submit certain sensitive data. Everything works w/out a hitch, except that the user is asked to login again when transitioning from the http:// to https:// site.

Obviously, there is something in the session data that is somehow links the session to the domain used when the session is created.

Any ideas?

[jkovar]

Have you looked at the Multisites Pro component from E-Learningforce? I think it allows signing in to main site and then navigating to sub sites and still being logged in.

I am looking into it as I have a similar need.