PHP Single Sign On For Multiple Apps On Multiple Domains

I have a need to create a single sign on for my own apps that are on different domains.  They happen to be on the same server now, but I don't want to rely on that.

Users would be signed in to App2, App3 and App4 the traditional way.  I want to place code on these apps that allows posting and receiving data to and from App1 as well as being able to move to App1 from one of the other apps.

My thought is to have a user_name, pass_word and site_id for each app where perhaps site_id is "app2", "app3", "app4".  On App2 where I would display a form to post or receive data from App1, have a button to log into App1. That will cURL user info to App1, if no username exists, it creates, otherwise displays appropriate data.  Essentially creating a REST API with App1.

Looking for comments.
Scott Fell, EE MVE, Developer & EE Moderator, Asked:

Dave Baldwin, Fixer of Problems, Commented:
I would create an API that handles the signons and make all of the signons query it.  And I would make it invisible to the user.

Note that you will still have to create separate sessions on the different servers after logon.  At least I don't know of any practical way to 'share' sessions over different servers.
Scott Fell, EE MVE, Developer & EE Moderator, Author Commented:
Thanks, I agree, no need to even try and share sessions.
Ray Paseur Commented:
OAuth may be helpful.
MlandaT Commented:
Here is an implementation of an SSO system which might be implemented without going into all the details of what and how mechanisms such as OAuth work. http://barebonescms.com/documentation/sso/. It's a very well documented example and it even implements OAuth logins from social websites (Google, Facebook, etc).

Here is a discussion around the different considerations when implementing SSO: http://merbist.com/2012/04/04/building-and-implementing-a-single-sign-on-solution/. This does not give an implementation/code though. It's just a discussion on the concepts involved.

Scott Fell, EE MVE, Developer & EE Moderator, Author Commented:
Thank you MlandaT.  I am interested in the discussion here, not actual coding for this question. I am going to digest this but it looks like a good read so far.
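
An added example, not code posted in this thread: one way the App2-to-App1 handoff could run through a sign-on API on App1 without sending pass_word, using a short-lived, single-use HMAC-signed token keyed by site_id. This is a swapped-in technique rather than the user_name/pass_word post described in the question. The function names, shared secrets, token layout and in-memory nonce store are assumptions.

```php
<?php
// Added example; all names are hypothetical and the secrets are constructed placeholders.
// One shared secret per site_id, known only to App1 and that app.
const SITE_SECRETS = [
    'app2' => 'constructed-placeholder-secret-app2',
    'app3' => 'constructed-placeholder-secret-app3',
    'app4' => 'constructed-placeholder-secret-app4',
];

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Runs on App2..App4 for a user who is already signed in there.
// No pass_word leaves the app; the token says "site X vouches for user Y until exp".
function issue_sso_token(string $siteId, string $userName, int $ttl = 60): string {
    $claims = ['user_name' => $userName, 'exp' => time() + $ttl,
               'nonce' => bin2hex(random_bytes(16))];
    $body = $siteId . '.' . b64url(json_encode($claims));
    return $body . '.' . b64url(hash_hmac('sha256', $body, SITE_SECRETS[$siteId], true));
}

// Runs on App1. Returns the verified claims, or null on any failure.
function verify_sso_token(string $token, array &$seenNonces): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 3) return null;
    [$siteId, $payload, $mac] = $parts;
    $secret = SITE_SECRETS[$siteId] ?? null;
    if ($secret === null) return null;                       // unknown site_id
    $expected = b64url(hash_hmac('sha256', "$siteId.$payload", $secret, true));
    if (!hash_equals($expected, $mac)) return null;          // constant-time compare
    // The payload is parsed only after its MAC has been checked.
    $claims = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($claims) || ($claims['exp'] ?? 0) < time()) return null;  // expired
    if (isset($seenNonces[$claims['nonce']])) return null;   // already used once
    $seenNonces[$claims['nonce']] = $claims['exp'];
    return ['site_id' => $siteId] + $claims;
}

// Demo. $seen stands in for a store App1 would persist (database or cache).
$seen = [];
$token = issue_sso_token('app2', 'alice');       // constructed sample user
$first = verify_sso_token($token, $seen);        // fresh token from a known site
$replay = verify_sso_token($token, $seen);       // same token presented again
$forged = verify_sso_token('app9.' . explode('.', $token, 2)[1], $seen); // unknown site
// On success App1 starts its own session (session_regenerate_id(), then store
// site_id + user_name in $_SESSION); sessions are not shared between the apps.
var_dump($first, $replay, $forged);
```

The token would travel over HTTPS, either in the cURL call or as a redirect parameter when the user moves from App2 to App1.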