Single SignOn - Best practice
Posted
by halfdan
on Stack Overflow
See other posts from Stack Overflow
or by halfdan
Published on 2010-06-03T02:11:31Z
Indexed on
2010/06/03
2:24 UTC
Read the original article
Hit count: 292
Hi Guys,
I need to build a scalable single sign-on mechanism for multiple sites. Scenario:
- Central web application to register/manage account (Server in Europe)
- Several web applications that need to authenticate against my user database (Servers in US/Europe/Pacific region)
I am using MySQL as database backend. The options I came up with are either replicating the user database across all servers (data security?) or allowing the servers to directly connect to my MySQL instance by explicitly allowing connections from their IPs in my.cnf (high load? single point of failure?).
What would be the best way to provide a scalable and low-latency single sign-on for all web applications? In terms of data security would it be a good idea to replicate the user database across all web applications?
Note: All web applications provide an API which users can use to embed widgets into their own websites. These widgets work through a token auth mechanism which will again need to authenticate against my user database.
© Stack Overflow or respective owner