Hi Arun,

On Jul 15, 11:19 am, Arun Kumar <[email protected]>
wrote:
> I have two Rails apps. Both have login pages for user authentication. The
> two apps have links to one another. Now what I need is when a user logs
> in to one app, he should not be asked to log in again when he clicks the
> link for the second app.

My situation is slightly different but hopefully applicable to you. I
have two apps that require a login and have created a third Rails app
that serves as a single sign-on and user management system. The
sign-in process goes roughly like this:

1. Each user (and directly related entities) has a UUID so that
multiple DBs can be synchronised.

2. User enters credentials into SSO app, signs in, it displays a page
with links to both apps. The links are to session creation actions on
the other apps and contain the user UUID and a hash of several user
attributes including a nonce (one time random token).

3. Using ActiveResource the remote app calls back to the SSO app to
authenticate the UUID and hash and returns the user object (as XML)
which is synchronised into the remote app's DB. The nonce stored on
the SSO users table is reset so links only work once (stops replay
attacks).

The internal authentication system should be restricted by IP address
or similar to your own apps.

Hope that helps,
Andrew
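
The one-time link flow from steps 2 and 3, as an added example that is not part of the original message or the poster's code. Assumptions: the "hash" is an HMAC-SHA256 keyed with a secret held only by the SSO app, an in-memory Hash stands in for the SSO users table, and the ActiveResource callback is reduced to a plain method call; `SsoDirectory`, `issue_link_params` and `redeem` are hypothetical names.

```ruby
require "openssl"
require "securerandom"

# In-memory stand-in for the SSO app's users table (constructed sample data).
class SsoDirectory
  User = Struct.new(:uuid, :email, :nonce)

  def initialize(secret)
    @secret = secret # assumption: key known only to the SSO app
    @users  = {}
  end

  def add_user(email)
    user = User.new(SecureRandom.uuid, email, nil)
    @users[user.uuid] = user
  end

  # Step 2: after sign-in, mint a fresh nonce and build the link parameters.
  def issue_link_params(uuid)
    user = @users.fetch(uuid)
    user.nonce = SecureRandom.hex(16)
    { uuid: user.uuid, token: digest(user) }
  end

  # Step 3: callback from the remote app. Returns the user's attributes once,
  # then resets the nonce so the same link cannot be replayed.
  def redeem(uuid, token)
    user = @users[uuid]
    return nil if user.nil? || user.nonce.nil?
    return nil unless secure_equal?(digest(user), token.to_s)
    user.nonce = nil
    { uuid: user.uuid, email: user.email }
  end

  private

  # Hash over user attributes plus the nonce, as described in step 2.
  def digest(user)
    OpenSSL::HMAC.hexdigest("SHA256", @secret, [user.uuid, user.email, user.nonce].join("|"))
  end

  # Constant-time comparison so the check does not leak how many bytes matched.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

A wrong token does not consume the nonce here, so only a successful redemption invalidates the link.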