[wp-hackers] Wordpress SSO

Malte Witt m.witt at ia-sh.de
Wed Nov 28 23:39:45 UTC 2012


Hey at all,
I have the following situation: There are two different wordpress 
installs, different domains, different databases, different servers and 
I want to establish an SSO mechanism between those two.

All plugins I found so far that match "sso" are in fact doing shared 
authentification and no 'real' sso at all, but I want to login to 
wordpress A and then surf to wordpress B and still be logged in (or be 
automatically logged in to wordpress B in that second).

The only chance I can think of to get the session cookie from wordpress 
A is to redirect to wordpress A, check the cookie and then redirect back 
to wordpress B (including some handshake to safely pass the information 
if the user is logged in), but because I don't know if there even is a 
session I would have to do this on every pageload of wordpress B (so 
this can't be a real solution ...). Alternatively I could do some crazy 
AJAX/CORS stuff on every pageload of wordpress B to get the session 
information from wordpress A and then refresh the page if needed ...

I hoped somebody already thought about all this stuff because I don't 
have a clue in the moment. So I would be really glad if someone could 
share his thoughts about this topic (maybe this is impossible at all and 
that's the reason there is no plugin or howto available?) ...

Regards,
Malte


More information about the wp-hackers mailing list