[wp-hackers] Single sign-on SSL domain

Matt Martz matt at sivel.net
Wed Jul 22 22:22:22 UTC 2009


What about using a wildcard cert or SAN (subject alternate name) cert?  A SAN cert allows you to protect multiple hostnames and domain names with a single cert. 

Scot Hacker <shacker at birdhouse.org> wrote:

>I'm in a situation where all WP logins will need to go SSL. We have a  
>lot of domains but not a lot of IP addresses to go around.  
>Historically all of our domains have been vhosts on a single server.  
>But since SSL requires one IP per domain, we're kind of stuck.
>
>Two possibilities we're considering:
>
>1) Require all logins to be OpenID, pushing the login process off to  
>another server so we don't have to worry about it. The challenge here  
>is that the existing OpenID plugin for WP does not provide a way to  
>*force* OpenID logins. Submitted a ticket to that project asking for  
>the feature, but no response in two weeks.
>
>2) Somehow configure Apache to route login requests to a central  
>domain for sign-in. So:
>
>ssldomain.edu  <-- has cert
>
>Attempting to log in at domain.org would pass the user to  
>ssldomain.edu for authentication and then back to domain.org. I  
>believe I can use an Apache Alias system so that the user would really  
>be at ssldomain.edu/domain.org but would appear to be at domain.org.  
>Has anyone tried something like this? Tricky? Successful? Pitfalls?  
>Recipes to share? What would need to happen on the WP side to work  
>with a system like this? Is it even possible?
>
>3) Other... ?
>
>Thanks for any suggestions.
>
>Scot

--
Matt Martz
matt at sivel.net
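
An added example, not part of the original thread: a check of which vhosts a certificate's SAN dNSName list actually covers, showing where a wildcard entry falls short of an explicit SAN list. The hostnames and certificate contents are constructed samples built around the `ssldomain.edu` and `domain.org` names used in the thread, and the matching follows the usual RFC 6125 rules (wildcard only as the whole left-most label, covering exactly one label).

```python
# Added example: which vhosts does a certificate's SAN list cover?
# All certificate contents and hostnames below are constructed samples.

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, hostname):
    """True if a single SAN dNSName entry covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label, never zero or two
    if p[0] == "*":
        # Wildcard must be the whole left-most label, with a real domain after it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h  # no wildcard: exact, case-insensitive match

def coverage(san_entries, vhosts):
    """Map each vhost to the SAN entry that covers it, or None if uncovered."""
    return {
        host: next((s for s in san_entries if san_matches(s, host)), None)
        for host in vhosts
    }

# Constructed sample certificates (SAN dNSName entries only).
WILDCARD_CERT = ["*.ssldomain.edu"]
SAN_CERT = ["ssldomain.edu", "domain.org", "www.domain.org"]

# Constructed sample vhosts served from the one IP address.
VHOSTS = [
    "ssldomain.edu",
    "blogs.ssldomain.edu",
    "a.blogs.ssldomain.edu",
    "domain.org",
    "www.domain.org",
]

if __name__ == "__main__":
    for label, cert in (("wildcard", WILDCARD_CERT), ("SAN", SAN_CERT)):
        print(label, "cert:", cert)
        for host, entry in coverage(cert, VHOSTS).items():
            status = "covered by " + entry if entry else "NOT covered"
            print("  %-24s %s" % (host, status))
```

A vhost that comes back uncovered will produce a certificate name mismatch warning in the browser if it is served with that cert.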

