Distributed authentication
Posted: Thu Mar 10, 2011 10:57 am
Hi all,
This is a theory question, not a specific code question.
I'm creating a central authentication scheme for my environment - as I have a number of applications running on various different servers (4 servers, 7 subdomains).
So, a basic situation between a Remote server and the Central server, when creating a session would go like this:
- Remote server asks the user for their credentials
- Remote server takes credentials & compares them against our LDAP server
- If successful, Remote server sends a request (over https) to Central server to create a session for the user
- Central server loads user data and creates a session in our database - recording session expiry time & which applications the user is allowed to access.
- Central server sends generated session key, session expiry time, and loaded user data back to Remote server
- Remote server creates a cookie with the generated session key and the correct expiry time
Are there any other problems with this setup?
Thanks.
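The six-step exchange from the post, written out as a runnable simulation of both sides. This is an added example, not code from the original poster or their environment. Everything concrete in it is an assumption: the LDAP directory is replaced by an in-memory dictionary of salted SHA-256 digests, the HTTPS call from Remote to Central is a direct method call, the user data and per-application entitlements are constructed, and the cookie is scoped to the parent domain `.example.com` so that all subdomains see it. It also adds the step the post does not describe but any later request needs: a Remote server presenting the cookie value to Central, which checks existence, expiry, and whether that application is on the user's allow list.

```python
import hashlib
import hmac
import secrets
from email.utils import formatdate

# Constructed stand-in for the LDAP directory (username -> salted SHA-256 digest).
# A real Remote server would bind against LDAP; this exists so the example runs offline.
_SALT = b"demo-salt"


def _digest(salt: bytes, password: str) -> bytes:
    return hashlib.sha256(salt + password.encode()).digest()


FAKE_LDAP = {
    "alice": _digest(_SALT, "correct horse"),
    "bob": _digest(_SALT, "battery staple"),
}


def ldap_bind(username: str, password: str) -> bool:
    """Step 2: the Remote server checks the credentials against the directory."""
    stored = FAKE_LDAP.get(username)
    if stored is None:
        return False
    # Constant-time compare so a wrong password is not distinguishable by timing.
    return hmac.compare_digest(stored, _digest(_SALT, password))


class CentralServer:
    """Steps 4-5: owns the session table and the per-application allow list."""

    def __init__(self, session_ttl: int = 3600):
        self.session_ttl = session_ttl
        self.sessions = {}  # session_key -> {"user", "expires", "apps"}
        # Constructed user data and application entitlements (assumptions).
        self.users = {"alice": {"name": "Alice", "email": "alice@example.com"},
                      "bob": {"name": "Bob", "email": "bob@example.com"}}
        self.allowed_apps = {"alice": {"wiki", "billing"}, "bob": {"wiki"}}

    def create_session(self, username: str, now: int) -> dict:
        """Handles the Remote server's (HTTPS) request to create a session."""
        session_key = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        expires = now + self.session_ttl
        self.sessions[session_key] = {
            "user": username,
            "expires": expires,
            "apps": set(self.allowed_apps.get(username, ())),
        }
        return {"session_key": session_key, "expires": expires,
                "user_data": self.users[username]}

    def validate_session(self, session_key: str, app: str, now: int):
        """Later request: a Remote server presents the cookie value and its app name.
        Returns the username, or None if the key is unknown, expired, or the
        application is not on the user's allow list."""
        rec = self.sessions.get(session_key)
        if rec is None or now >= rec["expires"] or app not in rec["apps"]:
            return None
        return rec["user"]


def build_cookie(session_key: str, expires: int, domain: str = ".example.com") -> str:
    """Step 6: Set-Cookie header carrying the session key with Central's expiry.
    Domain is an assumption (a parent domain so every subdomain sees the cookie);
    Secure and HttpOnly keep it off plain HTTP and out of reach of page scripts."""
    return (f"sid={session_key}; Expires={formatdate(expires, usegmt=True)}; "
            f"Domain={domain}; Path=/; Secure; HttpOnly")


def remote_login(central: CentralServer, username: str, password: str, now: int):
    """Steps 1-6 from the Remote server's point of view.
    Returns (Set-Cookie header, user data) on success, None otherwise."""
    if not ldap_bind(username, password):              # steps 1-2
        return None
    resp = central.create_session(username, now)       # steps 3-5
    return build_cookie(resp["session_key"], resp["expires"]), resp["user_data"]


def cookie_session_key(cookie: str) -> str:
    """Pull the session key back out of the Set-Cookie header."""
    return cookie.split(";", 1)[0].split("=", 1)[1]


if __name__ == "__main__":
    central = CentralServer(session_ttl=3600)
    cookie, user = remote_login(central, "alice", "correct horse", now=1_300_000_000)
    print(cookie)
    key = cookie_session_key(cookie)
    print(central.validate_session(key, "billing", now=1_300_000_010))   # alice
    print(central.validate_session(key, "billing", now=1_300_003_600))   # None (expired)
```

The `now` parameter is passed explicitly so that expiry can be exercised deterministically; a real deployment would use the clock on the Central server, since it is the one that recorded the expiry time.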