[pubcookie-dev] Re: [pubcookie-users] SSO across Cookie Domains
Nathan Dors
dors at cac.washington.edu
Fri May 13 14:40:57 PDT 2005

The cross-domain relay was an interim solution to the problem of
authenticating across cookie domains. The application server still
uses the classic enterprise-cookie-based pubcookie profile to send
requests to the relay, but the relay itself was written to use a
POST-based profile to get around the problem of cookie domains. In
other words, the relay resides within the application server's
concept of an enterprise domain (most often residing on the same
server), and then the relay takes care of sending requests to the
login server. This is why we called it a relay.

With Pubcookie 3.2.0, this POST-based profile is built into the
Apache module and configurable via the PubcookieLoginMethod
directive. There is no "domain cookie" in this profile; the
authentication request/response is carried to/from the login
server using HTTP POST bodies. There's no dependency on the
"enterprise domain" in this method.

We do need to update our documentation to describe this profile
better. In fact, our Windows/IIS solution will use it exclusively
in the next release.

-Nathan

On Fri, 13 May 2005, Feghhi, Jalil wrote:
>
> I was looking at the pubcookie docs for cross-domain relay and could not
> figure out how this product can work to do single-sign-on across two
> domains like: xyz.com and abc.com using cookies. Is there any more
> detailed info on how the relay component works and how sso is achieved
> in a case where there is one app on xyz.com and one on abc.com.
>
> I appreciate it if somebody could provide me w/ more detailed
> information.
>
> Regards,
>
> -Jalil
>
>
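
Added example, not part of the original message or of Pubcookie's code: the browser cookie-scoping rule (RFC 6265 domain-match) that keeps a domain cookie from travelling between xyz.com and abc.com, which is the constraint the POST-based profile avoids by carrying the request/response in POST bodies. The hostnames below are constructed around the two domains named in the question.

```javascript
// RFC 6265 section 5.1.3 domain-match: is a cookie scoped to
// `cookieDomain` sent on requests to `host`?
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  if (h === d) return true;
  // IP literals only ever match exactly, never as a suffix.
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");
  if (isIp) return false;
  // A suffix match must fall on a label boundary ("." + domain).
  return h.endsWith("." + d);
}

// RFC 6265 section 5.3: a Set-Cookie whose Domain attribute does not
// domain-match the host that sent it is ignored by the browser.
function canSet(originHost, cookieDomain) {
  return domainMatch(originHost, cookieDomain);
}

// Constructed hosts: a login server and one app under xyz.com, one app
// under abc.com, and a look-alike that only shares a string suffix.
const HOSTS = ["login.xyz.com", "app.xyz.com", "app.abc.com", "notxyz.com"];

// Which hosts would receive a cookie scoped to `cookieDomain`?
function hostsReceiving(cookieDomain, hosts = HOSTS) {
  return hosts.filter((h) => domainMatch(h, cookieDomain));
}

// The login server can scope a cookie to its own domain, and only hosts
// in that domain ever see it; it cannot scope one to the other domain.
console.log("xyz.com cookie reaches:", hostsReceiving("xyz.com"));
console.log("login.xyz.com may set Domain=abc.com:",
            canSet("login.xyz.com", "abc.com"));
```

A POST body has no such scoping: the browser submits it to whatever URL the form names, which is why that profile does not depend on an enterprise cookie domain.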