Our company has multiple domains set up with one website hosted on each of the domains. At this time, each domain has its own authentication which is done via cookies.
When someone logged on to one domain needs to access anything from the other, the user needs to log in again using different credentials on the other website, located on the other domain.
I was thinking of moving towards single sign on (SSO), so that this hassle can be eliminated. I would appreciate any ideas on how this could be achieved, as I do not have any experience in this regard.
Thanks.
Edit: The websites are a mix of internet (external) and intranet (internal, used within the company) sites.
If you use Active Directory, you could have each app use AD for authentication; login could then be seamless.
Otherwise, if the applications can talk to each other behind the scenes, you could use sessionids and have one app handling id generation serving all of your other applications.
The SSO solution that I've implemented here works as follows:
Notes:
How different are the host names?
These hosts can share cookies:
But these cannot:
In the former case you can bang out a cookie-based solution. Think GUID and a database session table.
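An added example (not code from any of the posts) of the cookie-and-session-table approach for hosts under one parent domain. It swaps the GUID for a random token from `secrets` and stores only its hash; `example.com`, the `sso_session` cookie name and the table layout are assumptions.

```python
import hashlib
import secrets
import sqlite3
import time
from http.cookies import SimpleCookie

PARENT_DOMAIN = "example.com"  # assumption: every site is a host under this domain
COOKIE_NAME = "sso_session"    # hypothetical cookie name
TTL_SECONDS = 3600

db = sqlite3.connect(":memory:")  # stands in for the shared session database
db.execute("CREATE TABLE sessions (token_hash TEXT PRIMARY KEY, username TEXT, expires REAL)")

def host_shares_cookie(host):
    """True if a cookie scoped to PARENT_DOMAIN is sent to this host."""
    host = host.lower().rstrip(".")
    return host == PARENT_DOMAIN or host.endswith("." + PARENT_DOMAIN)

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def create_session(username, now=None):
    """Insert a session row and return the Set-Cookie header value."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # unguessable id; only its hash is stored
    db.execute("INSERT INTO sessions VALUES (?, ?, ?)",
               (_digest(token), username, now + TTL_SECONDS))
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = token
    morsel = cookie[COOKIE_NAME]
    morsel["domain"] = PARENT_DOMAIN  # shared by all hosts under the parent domain
    morsel["path"] = "/"
    morsel["secure"] = True           # HTTPS only
    morsel["httponly"] = True         # not readable from page scripts
    morsel["samesite"] = "Lax"
    return morsel.OutputString()

def lookup_session(cookie_header, host, now=None):
    """Return the username for a valid, unexpired session cookie, else None."""
    now = time.time() if now is None else now
    if not host_shares_cookie(host):
        return None
    jar = SimpleCookie()
    jar.load(cookie_header)
    if COOKIE_NAME not in jar:
        return None
    row = db.execute("SELECT username, expires FROM sessions WHERE token_hash = ?",
                     (_digest(jar[COOKIE_NAME].value),)).fetchone()
    return row[0] if row and row[1] > now else None
```

Hosts outside the parent domain never receive this cookie, so they need one of the cross-domain approaches from the other answers.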
Don't re-invent the wheel. There are a number of open source cross-domain SSO packages such as JOSSO, OpenSSO, CAS, Shibboleth and others. If you're using Microsoft technology throughout (IIS, AD), you can use Microsoft federation (ADFS) instead.