Single SingOn - Best practice

Posted by halfdan on Stack Overflow See other posts from Stack Overflow or by halfdan
Published on 2010-06-03T02:11:31Z Indexed on 2010/06/03 2:14 UTC
Read the original article Hit count: 301

Hi Guys,
I need to build a scalable single sign-on mechanism for multiple sites. Scenario:

  • Central web application to register/manage account (Server in Europe)
  • Several web applications that need to authenticate against my user database (Servers in US/Europe/Pacific region)

I am using MySQL as database backend. The options I came up with are either replicating the user database across all servers (data security?) or allowing the servers to directly connect to my MySQL instance by explicitly allowing connections from their IPs in my.cnf (high load? single point of failure?).

What would be the best way to provide a scalable and low-latency single sign-on for all web applications? In terms of data security would it be a good idea to replicate the user database across all web applications?

Note: All web applications provide an API which users can use to embed widgets into their own websites. These widgets work through a token auth mechanism which will again need to authenticate against my user database.

© Stack Overflow or respective owner

Related posts about mysql

Related posts about scalability