Authenticate on one server, redirect to another (HIPPA)

ppetree
Joomla! Apprentice
Posts: 34
Joined: Wed Nov 13, 2013 7:43 pm
Location: South Florida

Authenticate on one server, redirect to another (HIPPA)

Post by ppetree » Tue Jun 25, 2019 6:54 pm

Hi all.

Hopefully the admin section is the correct place for this...

I'm working on a startup and have an entire system set up and working just fine. Now, before launch, we're facing the prospect of our first paying customers having a whole new requirement. HIPPA compliancy.

Essentially we seem to be faced with three options:
  1. Figure out how to allow users to authenticate on our main www.domain.com server and then redirect them to the HIPPA servers in a different data center as hippa.domain.com
  2. Figure out how to store certain aspects of our database on the HIPPA compliant servers and reference that data via our plugins
  3. Redirect the user to the appropriate server prior to login (the absolute least desirable solution)

Has anyone else worked through this problem or know of a solution?

Thanks,

P.

Webdongle
Joomla! Master
Posts: 37171
Joined: Sat Apr 05, 2008 9:58 pm

Re: Authenticate on one server, redirect to another (HIPPA)

Post by Webdongle » Tue Jun 25, 2019 8:51 pm

http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein

ppetree
Joomla! Apprentice
Posts: 34
Joined: Wed Nov 13, 2013 7:43 pm
Location: South Florida

Re: Authenticate on one server, redirect to another (HIPPA)

Post by ppetree » Tue Jun 25, 2019 9:32 pm

Thanks. I searched using a number of other terms but not "multiple sites."

sozzled
Joomla! Champion
Posts: 7341
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: Authenticate on one server, redirect to another (HIPPA)

Post by sozzled » Tue Jun 25, 2019 9:41 pm

HIPPA-compliant or HIPAA-compliant?
https://www.kuneze.com/blog
Former member of Kunena project team
If you think I’m wrong then say “I think you're wrong.” If you say “You’re wrong!”, how do you know?

ppetree
Joomla! Apprentice
Posts: 34
Joined: Wed Nov 13, 2013 7:43 pm
Location: South Florida

Re: Authenticate on one server, redirect to another (HIPPA)

Post by ppetree » Tue Jun 25, 2019 9:51 pm

None of those extensions work. They all require the domains to be in the same data center or, in one case, on the same server.

Any other suggestions?

sozzled
Joomla! Champion
Posts: 7341
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: Authenticate on one server, redirect to another (HIPPA)

Post by sozzled » Tue Jun 25, 2019 9:53 pm

sozzled wrote:
Tue Jun 25, 2019 9:41 pm
HIPPA-compliant or HIPAA-compliant?

toivo
Joomla! Master
Posts: 11122
Joined: Thu Feb 15, 2007 5:48 am
Location: Oxford, UK

Re: Authenticate on one server, redirect to another (HIPPA)

Post by toivo » Tue Jun 25, 2019 10:04 pm

If you require classic Single Sign-On (SSO) capability, I can recommend from experience SSO extensions by miniOrange (no affiliation). The free plugin is available from JED at https://extensions.joomla.org/extension ... or-joomla/ but they have also a paid, non-GPL version.
Toivo Talikka, Global Moderator
troubleshooting smtp and other articles http://talikka.com/joomla

ppetree
Joomla! Apprentice
Posts: 34
Joined: Wed Nov 13, 2013 7:43 pm
Location: South Florida

Re: Authenticate on one server, redirect to another (HIPPA)

Post by ppetree » Wed Jun 26, 2019 3:13 pm

Toivo, that's not what we're looking for. In fact, adding Google, Twitter, FB etc. would create some serious security violations.

I’m doing a startup company and I designed my system using normal methods and procedures and it will work for most of the clients I will encounter. However, in the USA, we have a healthcare law called HIPPA which requires patient data be highly protected. Because of that law, patient data can’t be mixed with standard data and actually requires special HIPPA certified data centers.

That means, to have hospitals as a customer (a huge market segment for us), we have to use HIPPA compliant web hosting which is extremely expensive and not available through our primary data center.

My thought was to have a HIPPA data center for all the hospital traffic and our regular data center for all the normal traffic; then have users log in via our normal Joomla site in our normal data center and if they’re a hospital user, redirect them to the Joomla site in the HIPPA data center. Of course we wouldn’t want the users to have to log in on the second site.

I took the time to write up some thoughts on the process (attached). I'm sure it has holes in it which means it's certainly open to discussion and debate and/or it may not work at all. Having said that, the document does clearly define what I see as the steps necessary to accomplish this.

I welcome all feedback.

Webdongle
Joomla! Master
Posts: 37171
Joined: Sat Apr 05, 2008 9:58 pm

Re: Authenticate on one server, redirect to another (HIPPA)

Post by Webdongle » Wed Jun 26, 2019 3:26 pm

Question
Given the secure data has to be on a HIPPA server
Then accessing the secure data (that is on a HIPPA server) using a login from a non HIPPA server ... would that not be considered a breach of security?

A bit like insisting a lock on an office door needs to be of a certain specification but putting a key to that lock behind a door that has an ordinary padlock?
or
Like having two doors to an office ... one with a lock that meets specifications and the other with an ordinary padlock.

Bottom line
You are trying to allow access (to data on a HIPPA server) from a less secure server.

Now you see?

ppetree
Joomla! Apprentice
Posts: 34
Joined: Wed Nov 13, 2013 7:43 pm
Location: South Florida

Re: Authenticate on one server, redirect to another (HIPPA)

Post by ppetree » Wed Jun 26, 2019 3:42 pm

No, I see your logic as a hole...

Another way to look at it as the lock can only be activated remotely.

Either way, as in any system, the system is only as secure as the users accessing it. A password as 1234567890 is a problem no matter where the lock is located.

I once worked on an association website that had a ton of CEOs and CFOs and you'd be amazed at how many of these people used the same username and password as they used on their corporate systems (we did a white hat audit and it was ASTOUNDING!). Some of these CFOs had the ability to remotely transfer millions of dollars. We forced users to attend a webinar and locked them all out until they changed their passwords (and you know some of them just changed their work password to match the association password!)

Point is, you can't fix stupid... but having one central lock is far superior to having multiple locks.

Webdongle
Joomla! Master
Posts: 37171
Joined: Sat Apr 05, 2008 9:58 pm

Re: Authenticate on one server, redirect to another (HIPPA)

Post by Webdongle » Wed Jun 26, 2019 5:06 pm

ppetree wrote:
Wed Jun 26, 2019 3:42 pm
...

Another way to look at it as the lock can only be activated remotely.

Either way, as in any system, the system is only as secure as the users accessing it. A password as 1234567890 is a problem no matter where the lock is located....

You miss the point

IF
the less secure server that holds the login data is hacked
THEN
the hacker has all the information to login to the more secure server

or

IF
the less secure server that has different login data is hacked
THEN
The hacker has the information to use that login data to login to the more secure site

Bottom line
Because the less secure server is used to login to the more secure server then if it is hacked then the hacker has full access to login to the data on the more secure server.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein
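
Added example, not from any poster in this thread: one way the login-then-redirect handoff discussed above could work, using a short-lived HMAC-signed token, showing what the receiving server can and cannot check. The function names, the shared-key scheme, the 60-second lifetime and the sample users are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets

AUDIENCE = "hippa.domain.com"  # hostname as written in the thread
TTL_SECONDS = 60               # assumed lifetime of a handoff token

def _b64(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(key, user, now):
    """Login server: called only after `user` has authenticated."""
    claims = {"sub": user, "aud": AUDIENCE, "exp": now + TTL_SECONDS,
              "jti": secrets.token_hex(16)}
    body = _b64(json.dumps(claims).encode())
    tag = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(tag)

def verify_token(key, token, now, seen):
    """Receiving server: return the user name, or None if rejected."""
    try:
        body, tag = token.split(".")
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(tag)):
            return None  # forged or altered
        claims = json.loads(_unb64(body))
    except ValueError:
        return None  # malformed
    if claims.get("aud") != AUDIENCE or now >= claims.get("exp", 0):
        return None  # wrong destination or expired
    jti = claims.get("jti")
    if not jti or jti in seen:
        return None  # replayed
    seen.add(jti)
    return claims.get("sub")

def demo():
    key, seen, t0 = secrets.token_bytes(32), set(), 1_000_000.0  # constructed
    tok = issue_token(key, "dr_smith", t0)
    body, tag = tok.split(".")
    forged = _b64(_unb64(body).replace(b"dr_smith", b"dr_jones")) + "." + tag
    return {
        "first_use": verify_token(key, tok, t0 + 5, seen),
        "replay": verify_token(key, tok, t0 + 6, seen),
        "expired": verify_token(key, issue_token(key, "dr_smith", t0), t0 + 61, seen),
        "altered": verify_token(key, forged, t0 + 5, seen),
        # Holder of the login server's key can mint a token for any account.
        "minted_by_key_holder": verify_token(key, issue_token(key, "any_user", t0), t0 + 5, seen),
    }
```

Expiry, audience and replay checks limit what a captured token is worth, but the last result shows the dependency Webdongle describes: the receiving server accepts any account name signed with the key, so the host that holds the key sets the security level of the whole handoff.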

ppetree
Joomla! Apprentice
Posts: 34
Joined: Wed Nov 13, 2013 7:43 pm
Location: South Florida

Re: Authenticate on one server, redirect to another (HIPPA)

Post by ppetree » Wed Jun 26, 2019 7:18 pm

I didn't miss your point.

The point is, IF either server is hacked you're screwed.

The further point is, no user base is going to tolerate having to log in twice and no reasonable company is going to run multiple, independent domains for multiple customer bases.

If I can't find a way to do a single sign-on safely and securely, then I won't do it at all. I'll find another way.

Webdongle
Joomla! Master
Posts: 37171
Joined: Sat Apr 05, 2008 9:58 pm

Re: Authenticate on one server, redirect to another (HIPPA)

Post by Webdongle » Wed Jun 26, 2019 8:21 pm

ppetree wrote:
Wed Jun 26, 2019 7:18 pm
I didn't miss your point.

The point is, IF either server is hacked you're screwed....

You did miss my point
The requirements require a specific level of security. The moment that you have a non HIPPA certified data center accessing a HIPPA certified data center then you are not complying.

It's like saying the office door has a high security lock but the key is in a box that has a low quality padlock. The office is not as safe as the door's lock; it is only as safe as the padlock.

I have tried to explain it as clearly as possible.

gws
Joomla! Virtuoso
Posts: 3811
Joined: Tue Aug 23, 2005 1:56 pm
Location: South coast, UK

Re: Authenticate on one server, redirect to another (HIPPA)

Post by gws » Thu Jun 27, 2019 2:44 pm


