Currently I am trying to implement Single Sign On (SSO) in rails 4.
Consider that I have one main app, demo.com, and three sub-domain apps (basically each one is a separate Rails application): sub0.demo.com, sub1.demo.com, sub2.demo.com.
Now I have to log in to all of the applications through demo.com (let's consider that I have the same users on all of the applications).
For this I looked into this post and tried to implement it.
So I have the following questions:
Is it a good way of doing this?
As per the given link, I am trying to implement the given functionality. For this I did the following steps:
As I am working locally, I set the domains in the /etc/hosts file:
127.0.0.1 demo.com
127.0.0.1 sub0.demo.com
127.0.0.1 sub1.demo.com
I also made changes in the following file in sub1.demo.com:
session_store.rb
Rails.application.config.session_store :cookie_store, :key => '_tourlyapp_session', :domain => "demo.com"
But it is not working even though I have set the same key for all the applications.
Is there anything I am missing?
Have you tried the doorkeeper gem? It is what you are looking for: https://github.com/doorkeeper-gem/doorkeeper. I have also found this post related to it.
Related
Basically I am developing an API in Rails with RocketPants and Devise, and I'm creating a client with AngularJS. Since they are in folders maintained by separate people, I run the Rails API on localhost:3000 and the client on localhost:8000, and in the live environment they will be on subdomains of the same top-level domain: api.example.com and app.example.com.
I have allowed for cross-domain requests using Rack Cors and this seems to work fine. I can query for things and log in by sending my credentials to the API (I have also checked if this works by returning the logged-in user's id).
However, the client does not seem to hang on to the session. After I log in and get back confirmation that I logged in successfully, I make another request and it says the current_user is Nil.
I think I have allowed for subdomains in Rails by using the following in session_store.rb:
AppName::Application.config.session_store :cookie_store, key: '_app-name_session', domain: :all
I cannot test this however.
Is there a good way to share sessions between ports locally? Or is there a good way to emulate subdomains for local testing between 2 projects (1 rails, 1 standalone)?
Have you considered using Pow to serve your apps in development?
You could then run them on the subdomains, just like you do in production.
I am trying to implement a single-sign-on solution for multiple Rails (v3.2) apps hosted at different subdomains of example.com.
One app serves as an identity provider, uses devise for auth, and sits at users.example.com.
The other apps rely on the identity provider for authentication and use devise+omniauth, with domains of [app1.example.com, app2.example.com, and example.com].
This blog entry inspired much of my implementation: http://blog.joshsoftware.com/2010/12/16/multiple-applications-with-devise-omniauth-and-single-sign-on/
I have it working fine, but the problem remains that the sessions are not shared, so after I log in on the identity provider, I still have to make a call from each of the other apps to authenticate, and I need this to be seamless to the user.
I tried using the same secret token at secret_token.rb, same session key at session_store.rb and :domain => :all (also tried '.example.com' and 'example.com' as values). Still no luck.
Doing the above, I see in a session.inspect that after login on the identity provider the session variable "warden.user.user.key" is populated. When I immediately go to the app on app1.example.com, the session.inspect shows the same session_id and _csrf_token but the "warden.user.user.key" variable is now missing.
I feel like I am missing something silly.. Any ideas what that may be?
I think there is another SO question about getting a single cookie to work across subdomains that would answer yours:
https://stackoverflow.com/a/10403338/2573896
Also, I can imagine that using a memcached cluster with dalli and memcached as your session store would work as well:
http://awesomerails.wordpress.com/2011/08/23/rails-3-memcached-session-store/
For the purpose of your application, the first solution makes more sense though.
I have a situation where I am trying to make a Rails application the backend core of my APIs. I am using 'devise' to authenticate the users, which it does by setting a session cookie. This is so far perfect. Take into consideration that I am building this on "api.mydomain.com".
Now, I also have a JavaScript application running on "mydomain.com" which makes AJAX calls to the API on the subdomain. I need the Rails-issued cookie to be valid and to go in the headers when I make the API calls... It just doesn't.
I tried every single solution that I found on Google, where it looks like putting this
Api::Application.config.session_store :cookie_store, key: '_api_session', :domain => ".mydomain.com"
into my config/initializers/session_store.rb was the default answer. This didn't work for me.
I also found some other recommendation on Google that I should put that in the environment file. That didn't work for me either.
Help will be appreciated.
Please note: I am running Rails 3.2.11, should this matter.
Try using the :domain => :all option.
Source: Railsapps Tutorial on Subdomains (search for "Optional: Allow Sessions To Be Shared Across Subdomains")
I found that there is a better way to do that:
:domain => "*.domain.com"
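How a browser scopes a cookie by its Domain attribute, following the domain-matching rules of RFC 6265. This is an added example, not code from any of the posts above; the helper names are hypothetical, the cases are constructed from the host names used in the questions, and public-suffix handling is left out.

```ruby
# Added example: simplified RFC 6265 cookie scoping (no public-suffix list).

# Section 5.2.3: lowercase the Domain attribute and drop one leading dot.
# nil or "" means no Domain attribute, i.e. a host-only cookie.
def normalize_cookie_domain(attr)
  return nil if attr.nil? || attr.empty?
  attr.downcase.sub(/\A\./, "")
end

# Section 5.1.3 domain-match: identical strings, or the host ends with
# "." + domain. IPv4 literals only ever match exactly.
def domain_match?(host, domain)
  host = host.downcase
  return true if host == domain
  return false if host.match?(/\A\d+(\.\d+){3}\z/)
  host.end_with?(".#{domain}")
end

# Does a cookie set by origin_host with this Domain attribute reach
# target_host? Ports are not part of cookie scope, so none appear here.
def cookie_sent?(origin_host, domain_attr, target_host)
  domain = normalize_cookie_domain(domain_attr)
  return origin_host.downcase == target_host.downcase if domain.nil?
  return false unless domain_match?(origin_host, domain) # refused when set
  domain_match?(target_host, domain)
end

# Constructed cases built from the host names in the posts above.
CASES = [
  ["demo.com",         "demo.com",      "sub1.demo.com"],
  ["sub1.demo.com",    ".demo.com",     "sub0.demo.com"],
  ["api.mydomain.com", nil,             "mydomain.com"],
  ["api.mydomain.com", ".mydomain.com", "mydomain.com"],
  ["sub1.demo.com",    "*.demo.com",    "sub0.demo.com"],
  ["localhost",        nil,             "localhost"],
].freeze

CASES.each do |origin, attr, target|
  verdict = cookie_sent?(origin, attr, target) ? "sent" : "not sent"
  puts format("%-17s Domain=%-14s -> %-14s %s", origin, attr.inspect, target, verdict)
end
```

A cookie being in scope is necessary but not sufficient for the AJAX case: a cross-origin XHR or fetch only carries cookies when the client enables credentials (`withCredentials` / `credentials: "include"`) and the API answers with `Access-Control-Allow-Credentials: true` and a specific, non-wildcard `Access-Control-Allow-Origin`.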
I'm looking to set up custom domains for users. Much like Tumblr does.
I understand that the user must point their A record to an IP address. I found some information here: Custom domains in a Rails App
Can someone give me an example of this with a Heroku/Rails 3 setup? Is it even possible?
If you set up a wildcard DNS to point to your main app, you can use the :subdomain in config/routes.rb to handle your business logic.
I have 2 Rails applications (separated but sharing same top level domain). In development, I run the first application under localhost:3000 and the other one under localhost:3500
These two applications have the same users (not really but let's keep it simple).
So, when a user logs into application 1, I want him to be able to go to application 2 without having to sign-in again.
To do this, I changed the initializer, session_store.rb to:
Iview::Application.config.session_store :cookie_store, :key => '_iview_session', :domain => :all
I hoped this would be enough as, in my understanding, when accessing app 2, the app would look for the cookie of app 1 and assume the user is logged in, but it doesn't do the trick (at least in development).
What am I missing? Thanks!
Have you tried to set the secret_token.rb initializer to the same key?
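Why the secret matters for a cookie-based session, shown with a simplified signed-cookie store. This is an added example, not code from the posts or from Rails; the `payload--digest` layout, the JSON encoding, the function names and the secrets are assumptions of this sketch.

```ruby
require "openssl"
require "base64"
require "json"

# Added example: a simplified signed session cookie (layout is an assumption).
def sign_session(data, secret)
  payload = Base64.strict_encode64(JSON.generate(data))
  digest  = OpenSSL::HMAC.hexdigest("SHA256", secret, payload)
  "#{payload}--#{digest}"
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Verify first, decode second. Any cookie whose signature does not match
# this app's secret is treated as an empty (logged-out) session.
def load_session(cookie, secret)
  payload, digest = cookie.to_s.split("--", 2)
  return {} if payload.nil? || digest.nil?
  expected = OpenSSL::HMAC.hexdigest("SHA256", secret, payload)
  return {} unless secure_equal?(digest, expected)
  JSON.parse(Base64.strict_decode64(payload))
rescue ArgumentError, JSON::ParserError
  {}
end

# Constructed secrets: each app generated its own at creation time.
APP1_SECRET = "constructed-secret-for-app-1"
APP2_SECRET = "constructed-secret-for-app-2"

# App 1 logs the user in and issues the cookie.
COOKIE = sign_session({ "user_id" => 42 }, APP1_SECRET)

# App 2 receives the same cookie (same key, same domain scope).
puts "app 2, own secret:    #{load_session(COOKIE, APP2_SECRET).inspect}"
puts "app 2, shared secret: #{load_session(COOKIE, APP1_SECRET).inspect}"
```

The same property cuts the other way: every application that holds the shared secret can mint a session the others will accept, so the secret has to be protected in each of them as carefully as in the most sensitive one.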