[wp-hackers] Single sign-on with Wordpress & Mediawiki
Travis Snoozy
ai2097 at users.sourceforge.net
Wed Oct 31 19:06:06 GMT 2007
On Wed, 31 Oct 2007 13:37:15 -0400, Callum Macdonald
<lists.automattic.com at callum-macdonald.com> wrote:
> Travis Snoozy wrote:
> > Note that this still doesn't change the fact that users have to
> > separately authenticate with each service on your site (even if
> > they're all OpenID-enabled, and even if all the user has to do is
> > enter their OpenID URL). So, the "site-wide SSO" issue still
> > stands, even though it's less obnoxious :).
> >
> There might be a simple workaround. If you set the user's openID
> identity into a cookie, you could pick that cookie up in each of your
> apps. The user flow would be:
> 1) User visits WP site (is not logged in)
> 2) User clicks "Login" and is directed to OpenID server to
> authenticate
> 3) User is returned to WP now authenticated by OpenID
> 4) User browses to MediaWiki (not yet logged in to MediaWiki)
> 5) MediaWiki detects the OpenID cookie, requests authentication from
> OpenID server, logs user in to MediaWiki
My prototype does that, but *without* being tied to OpenID -- a
separate cookie gets set (tied to PHP session ID, so the client
contains NO sensitive information, regardless of what's stored), and
that is used for the basis of login. You could use a MySQL DB, flatfile,
Passport, OpenID, or whatever other authentication means you like (even,
potentially, allowing login through any of OpenID -or- Passport -or- a
local DB...). Solving the SSO integration problem generically means
that everybody wins -- not just sites that chose to use OpenID.
--
Travis
In Series maintainer
Random coder & quality guy
<http://remstate.com/>
More information about the wp-hackers
mailing list