We also came up with another solution that is somewhat complex to code, but the end
result is pretty fair. Have the authorization/main server send its sessionid
for this particular client to the other server in the first request, which could
even be done with a POST method. Then, have the other server store that
sessionid in a session and, upon every request for a page on that server, have it
do an HTTP POST back to the authorization server with the sessionid to make sure
that session is still authenticated on the main server. I currently don't see
any particular security holes or drawbacks to this solution other than the
design.
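
A minimal model of the check-back design described in the message above, added here as an illustration and not code from the thread. `AuthServer`, `OtherServer` and their methods are hypothetical names, and a direct method call stands in for the HTTP POST between the two servers.

```python
import secrets

class AuthServer:
    """Stand-in for the authorization/main server (hypothetical name)."""
    def __init__(self):
        self._sessions = {}  # main session id -> username

    def login(self, user):
        sid = secrets.token_urlsafe(32)  # unguessable: the id acts as the credential
        self._sessions[sid] = user
        return sid

    def logout(self, sid):
        self._sessions.pop(sid, None)

    def validate(self, sid):
        """Models the HTTP POST check-back; returns the user or None."""
        return self._sessions.get(sid)

class OtherServer:
    """Stand-in for the second server that relies on the main server's session."""
    def __init__(self, auth):
        self._auth = auth
        self._local = {}  # local session id -> main server's session id

    def first_request(self, main_sid):
        # Verify the handed-over id before storing it in a local session.
        if self._auth.validate(main_sid) is None:
            return None
        local_sid = secrets.token_urlsafe(32)
        self._local[local_sid] = main_sid
        return local_sid

    def page(self, local_sid):
        # Every page request re-checks the stored id with the main server.
        main_sid = self._local.get(local_sid)
        user = self._auth.validate(main_sid) if main_sid else None
        if user is None:
            self._local.pop(local_sid, None)  # drop the stale local session
            return (403, None)
        return (200, user)

def demo():
    auth = AuthServer()
    other = OtherServer(auth)
    sid = auth.login("alice")            # constructed sample user
    local = other.first_request(sid)
    before = other.page(local)           # still authenticated on the main server
    auth.logout(sid)                     # session ends on the main server
    after = other.page(local)            # the next check-back fails
    forged = other.first_request("not-a-real-session-id")
    return before, after, forged
```
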