PHPFixing

Tuesday, March 15, 2022

[FIXED] How can LDAP-based SSO between .Net and PHP systems be done?

Tags: .net, lamp, ldap, single-sign-on, sitecore

Issue

I've been working with LAMP systems, so I am relatively ignorant about MS technologies. We have a customer with an existing website powered by a .Net CMS called Sitecore. They want to use one of our products, which is another web system powered by LAMP technologies. For simplicity, let's say that if you type in site.com, you'll end up on the Sitecore section of the website, and if you type in app.site.com, you'll get to our LAMP app.

Our goal is to integrate the two systems. So the main .Net website will have a "sign in" form, and whenever that one is filled in, the user should be signed in to both the .Net system and our LAMP system. We obviously have full control over our LAMP system and we can code any handlers there; however, we don't have much control over the .Net system. I've done some research and LDAP seems to be the standard way people employ to implement SSO in such cases, but I am still trying to figure out how it works. My current understanding is that LDAP is something like an external database, and once the .Net system is configured to work with it (Sitecore does provide such integration), the login+pass entered in the sign-in form will be validated against LDAP. What is not clear to me is how our LAMP system will get notified whenever a user is signed in. So I am basically struggling to understand the general flow of such integration: the user goes to the .Net website, enters login+pass, gets authenticated, the .Net website stores that in a cookie/session (or whatever is employed for these purposes in such systems), and then our LAMP system somehow needs to do the same, but I am not sure how.


Solution

LDAP is simply a storage solution for a lot of things. You can store passwords in there as well and ask the LDAP whether a given password is ok for a given user. So you can use LDAP for authentication. And because a lot of systems can use one LDAP you can build a "one password for all" solution around an LDAP.

To use real SSO as you specified it, there is a little more work to be done, as generation of tokens and so forth is far beyond the scope of LDAP.

There is a solution called Kerberos out there for SSO which can be based on LDAP authentication. It's the solution used by Microsoft's Active Directory or Apple's Open Directory and others. I believe .Net can use it, and as far as I know there are ways to "kerberize" Apache's httpd to use real SSO with it.

For more information have a look at http://en.wikipedia.org/wiki/Kerberos_%28protocol%29



Answered By - heiglandreas
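
The password check the answer describes ("ask the LDAP whether a given password is ok for a given user"), sketched for the LAMP side as an added example that is not part of the original answer. The server URI, base DN, service account DN and the `uid` attribute are assumptions; it covers only the shared-password step, not the SSO token step.

```php
<?php
declare(strict_types=1);

// Assumed directory settings (placeholders, not from the original post).
const LDAP_URI     = 'ldaps://ldap.example.com';
const LDAP_BASE_DN = 'ou=people,dc=example,dc=com';
const LDAP_SVC_DN  = 'cn=app-reader,dc=example,dc=com';

/**
 * Returns the user's DN if the directory accepts the password, else null.
 */
function ldapAuthenticate(string $username, string $password, string $svcPassword): ?string
{
    // An empty password makes many servers treat the bind as anonymous
    // ("unauthenticated bind") and report success, so refuse it up front.
    if ($username === '' || $password === '') {
        return null;
    }

    $ldap = ldap_connect(LDAP_URI);
    if ($ldap === false) {
        return null;
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    try {
        // 1. Bind as a low-privilege service account to look the user up.
        if (!@ldap_bind($ldap, LDAP_SVC_DN, $svcPassword)) {
            return null;
        }
        // 2. Escape the user-supplied name so it cannot alter the filter.
        $filter = '(uid=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
        $result = @ldap_search($ldap, LDAP_BASE_DN, $filter, ['uid']);
        if ($result === false || ldap_count_entries($ldap, $result) !== 1) {
            return null; // unknown or ambiguous user
        }
        $dn = ldap_get_entries($ldap, $result)[0]['dn'];

        // 3. Re-bind as the user: the directory itself verifies the password.
        return @ldap_bind($ldap, $dn, $password) ? $dn : null;
    } finally {
        ldap_unbind($ldap);
    }
}
```

A non-null return only proves the password; the LAMP app still has to create its own session, so the user would be prompted on each site unless a ticket or token mechanism such as Kerberos sits on top.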