Hello Everybody,
I have two rails app. Both have login pages for user authentication. The two apps have links to one another. Now what i need is when a user logs in to one app, he should not be again asked for login when he clicks the link for second app.
Please tell me how to go on?
Thanks in advance, Ak
Someone correct me if I'm wrong, but I don't think you can use standard cookies across domains.
Have you thought about using OpenID's? There are some really good OpenID gems.
If these apps are going to be used in a workplace or similar scenario, you could try to use LDAP or AD...I know there are some gems to help with this.
AD (at least) can be used on other platforms to automatically authenticate a connection w/out prompting the user for credentials. If RoR could use it that way it would amount to single-sign-on I think.
Can RoR & its typical deployment stack not use AD like that?
(I'm seriously asking, in case that's not apparent...)
Hi Arun,
I have two rails app. Both have login pages for user authentication. The two apps have links to one another. Now what i need is when a user logs in to one app, he should not be again asked for login when he clicks the link for second app.
My situation is slightly different but hopefully applicable to you. I have two apps that require a login and have created a third Rails app that servers as a single sign-on and user management system. The sign- in process goes roughly like this: 1. Each user (and directly related entities) has a UUID so that multiple DBs can be synchronised.
2. User enters credentials into SSO app, signs-in, it displays a page with links to both apps. The links are to session creation actions on the other apps and contain the user UUID and a hash of several user attributes including a nonce (one time random token).
3. Using ActiveResource the remote app calls back to the SSO app to authenticate the UUID and hash and returns the user object (as XML) which is synchronised into the remote app's DB. The nonce stored on the SSO users table is reset so links only work once (stops replay attacks).
The internal authentication system should be restricted by IP address or similar to your own apps.
Hope that helps, Andrew