Transparently Using PHPSession of Another Application in SC App (Simple SSO)


  • Transparently Using PHPSession of Another Application in SC App (Simple SSO)

    What is the simplest yet secure way to achieve unidirectional single sign-on between another PHP app and an SC app that uses the standard SC security? This is a stopgap measure to extend the first app's functionality with SC before the full thing can be converted.

    I just need a secure roadmap from more experienced folks before getting entangled in code.

    Scenario is:

    - App A is a normal PHP app, not SC, whilst Project B (with many apps) is SC
    - the sign-in page will be in App A. Any unauthenticated attempts at any of B's apps would redirect to App A's sign-in
    - I suppose after successful authentication in A, A should store the PHP session and user name/id in a table (which project B will also access)
    - every app in B will point to a "verify_login" SC blank app, which would check the session is still valid, assign user variables and redirect back to the SC app page it came from if valid, otherwise send to the sign-on page of A
    - the necessary user entitlements will be duplicated in the user table of project B such that the user id in A matches the user id in B

    Is there anything else to be taken care of or is this all there really is to it?

    I notice from SC menus there is Options --> Settings --> "Use session in database". Does this make achieving my objective even easier?
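
The "verify_login" step from the scenario above, as an added example that is not part of the original post and not ScriptCase's own code. Assumptions: a shared `sso_session` table (hypothetical name and columns), App A storing a SHA-256 hash of its session ID rather than the raw value, an expiry column, the `pdo_sqlite` extension for the in-memory demo, and the hypothetical helpers `sso_lookup` and `safe_return_path`.

```php
<?php
declare(strict_types=1);

// Hypothetical shared table, written by App A at login and read by project B:
//   sso_session(token_hash, user_id, user_name, expires_at)
// Assumption: App A stores hash('sha256', session_id()), never the raw ID.
function sso_lookup(PDO $db, string $appASessionId, int $now): ?array
{
    if ($appASessionId === '') {
        return null;
    }
    $stmt = $db->prepare(
        'SELECT user_id, user_name FROM sso_session
          WHERE token_hash = :h AND expires_at > :now'
    );
    $stmt->execute([':h' => hash('sha256', $appASessionId), ':now' => $now]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Accept only a local path as the "page it came from", so verify_login
// cannot be used to send a signed-in user to another site.
function safe_return_path(string $candidate, string $default = '/'): string
{
    $ok = preg_match('#^/(?!/)[A-Za-z0-9_\-./?=&%]*\z#', $candidate) === 1;
    return $ok ? $candidate : $default;
}

// Constructed demo data: in-memory SQLite stands in for the shared database.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE sso_session (token_hash TEXT PRIMARY KEY,
           user_id INTEGER, user_name TEXT, expires_at INTEGER)');
$now = time();
$ins = $db->prepare('INSERT INTO sso_session VALUES (?, ?, ?, ?)');
$ins->execute([hash('sha256', 'sess-live'), 7, 'alice', $now + 900]); // valid
$ins->execute([hash('sha256', 'sess-old'), 8, 'bob', $now - 1]);      // expired

foreach (['sess-live', 'sess-old', 'sess-unknown'] as $sid) {
    $user = sso_lookup($db, $sid, $now);
    if ($user !== null) {
        // In the real verify_login app: call session_regenerate_id(true),
        // then set the SC globals ([usr_login], [usr_name]) from $user.
        echo "$sid -> user {$user['user_name']}, go to ",
             safe_return_path('/projectB/orders/?page=2'), "\n";
    } else {
        echo "$sid -> not signed in, go to App A sign-in\n";
    }
}
echo safe_return_path('//other.example/x'), "\n"; // rejected, falls back to "/"
```

App A should delete the user's row at logout so that project B stops accepting the session at the same moment.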

  • #2
    The only way I know is to create the SC security session variables. Take a look at the sc_user and sc_username definitions in your generated code; that will give you a hint.

    Regards



    • #3
      Originally posted by kafecadm
      The only way I know is to create the SC security session variables. Take a look at the sc_user and sc_username definitions in your generated code; that will give you a hint.

      Regards
      The generated app has [usr_login] and [usr_name] set. Is this what you refer to?
