[pubcookie-users] SSO across Cookie Domains

Feghhi, Jalil JFeghhi at visa.com
Fri May 13 15:03:06 PDT 2005 

Nathan,

Thanks for the reply.

Is there any public domain info (docs, urls) that you know of that can
help me understand the concept of POST-based profile and its use in SSO
across domains in general. 

Regards,

-Jalil

-----Original Message-----
From: Nathan Dors [mailto:dors at cac.washington.edu] 
Sent: Friday, May 13, 2005 2:41 PM
To: Feghhi, Jalil
Cc: pubcookie-users at u.washington.edu; pubcookie-dev at u.washington.edu
Subject: Re: [pubcookie-users] SSO across Cookie Domains

The cross-domain relay was an interim solution to the problem of
authenticating across cookie domains. The application server still uses
the classic enterprise-cookie-based pubcookie profile to send requests
to the relay, but the relay itself was written to use a POST-based
profile to get around the problem of cookie domains. In other words, the
relay resides within the application server's concept of an enterprise
domain (most often residing on the same server), and then the relay
takes care of sending requests to the login server. This is why we
called it a relay.

With Pubcookie 3.2.0, this POST-based profile is built into the Apache
module and configurable via the PubcookieLoginMethod directive. There is
no "domain cookie" in this profile; the authentication request/response
is carried to/from the login server using HTTP POST bodies. There's no
dependency on the "enterprise domain" in this method.

We do need to update our documentation to describe this profile better.
In fact, our Windows/IIS solution will use it exclusively in the next
release.

-Nathan


On Fri, 13 May 2005, Feghhi, Jalil wrote:

>
> I was looking at the pubcookie docs for cross-domain relay and could 
> not figure out how this product can work to do single-sign-on across 
> two domains like: xyz.com and abc.com using cookies. Is there any more

> detailed info on how the relay component works and how sso is achieved

> in a case where there is one app on xyz.com and one on abc.com.
>
> I appreciate it if somebody could provide me w/ more detailed 
> information.
>
> Regards,
>
> -Jalil
>
>

More information about the pubcookie-users mailing list