I'm building some applications using rails.
All apps using restful auth plugin for User base and declarative authorization plugin for authorization rules.
But I need to merge all site's User accounts to one User base for providing login for all sites.
I.e like 37signals working on. Here is their work ;
http://37signals.com/accounts
How can I archieve this, any suggestions are welcome.
Thanks
A.Karr
From studying how 37signals was doing stuff - I think they're using RubyCAS http://github.com/gunark/rubycas-server
It's perfect for single sign-on, single sign-off and other related stuff - when you have multiple independent applications. Also, because CAS is a generic protocol, it exists for non-ruby/rails applications too. SO you can integrate legacy systems or client applications in Java etc.
I started building a set of how-tos on the subject here:
http://rubyglasses.blogspot.com/2009/12/rails-single-sign-on-with-rubycas.html
Have you thought about using open id?
If all your apps run on the same domain you shouldn't have any problems accessing the authentication cookie in all the apps, but you'll need to store the authentication state somewhere where all the applications can access it.
Related
I recently switched to a new company where my manager wants me to develop entirely new cloud based project in MVC. I have never worked on a project from the start and I think this is a good opportunity for me to lead.
However, I think the requirements of the clients are bit confusing.
Here is what he wants:
Client should be able to access the cloud hosted application from his network with single sign on. He wants to use his active directory for that.
There are different users in active directory, they will have different roles (I think we can handle this on database side. Create different roles and assign roles to users).
Client has to add vendor info in the application. But for this, system should send an email to vendor with the url of the cloud application. He wants user to login to the application using 2 Factor Authentication. So, send dummy password with url, and send OTP to his mobile number. Just like registering to any system.
Now my questions are:
Is it possible to have 2 different types of login mechanisms in the same application? SSO for client and 2FA for outside vendors?
If yes, could you please guide me in the right direction?
what things I need? Which framework, design pattern should I prefer?
How do I proceed ?
I have several projects such as After Sales Service and Product Label Generator that their users are the same, I mean users can register and according to admin's decision can have some roles or claims.
Depending on roles or claims, each user has access to a specific application.
In my opinion I should create a web-api app in order to just serve authentication and authorization services.
It should be noted that we may go further and have some other apps such as android version. also each project has its own database.
What's the problem? I have no idea how I can implement this! any suggestion or article can help.
Thank you
Hooman, I would suggest you to use IdentityServer for authentication, it's Open Source OpenID Connect and OAuth 2.0 framework for .NET. We are also in process of using it,nature of yours and ours products looks same to me. Keeping a single database for users and their rights and also managing access/rights for specific applications. As it's also token based, so if u extend your products to Mobile later on, it would prove to be a better approach as well.
link: https://identityserver.io/
documentation looks self sufficient to me.
Due to requirement changes we need to add a node server to our already existing system. We will be using sails.js for the realtime communication part of the app and redis store for session management. But the confusion now is what is the best way to authenticate the client app/user on both servers with one login form.
Any help will be much appreciated.
Unless you have specific limitations or widhes, this sounds like standard requirement for SSO (Single Sign-On) implementation. OAuth is wide-spread standard in this area.
Ruby have implementations for this, see this repository for example
OAuth2 A Ruby wrapper for the OAuth 2.0 specification.
As for reading materials, you can check this article:
Single Sign On (SSO) for Multiple Applications with Devise, OmniAuth
and Custom OAuth2 Implementation in Rails
This tutorial may also help.
Then, you can implement OAuth in your node js server, and other services when needed.
Or detail your question and specific requirements or limits for other options. Meanwhile, you can check this SO question on other non-SSO options.
Let me start off by saying that I'm not totally sure what I'm looking for. I'm hoping I can explain the situation I'm in, and that someone can point me in the right direction.
So here's what I'm up against. I want to build a ruby on rails application that will be hosted by oranization A on some domain organizationA.com. Then, multiple other organizations (X,Y,Z) will be accessing this tool from other domains (orgx.com, orgy.com, etc.). I do not know at this moment what form of authentication X,Y and Z will use, most likely it will be LDAP or native Windows, but the important thing is that it could be different from organization to organization.
In a situation like this, what is the best way (is there a way?) to allow the users at X,Y and Z to use the application using SSO. Are there any existing tools out there that you would recommend or have worked with? Is there a name for what I'm describing so I can do some better googling?
Any help is much appreciated.
One Possibility
CASino - http://casino.rbcas.com/
Looks like this would be a separate server just for authentication, using the CAS authentication protocol, and could be used for multiple different types of authentication at different organizations. I'll have to check it out.
I'm using CASino for our SSO Solution and it's really cool.
casino and rack-cas provide a good CAS server and client support for ruby based single sign on applications.
You can try rubycas-server and rubycas-client if you are developing RoR applications
Im currently developing a enterprise system using the similar technology, My solution is using rubycas-server to manage user info and logins, and create separate user system base on ssoid of cas-server on each application sever to maintain the access level individually.
I have one main Asp.net MVC application, I also have a help site and quite a few internal apps (that I need to build - reporting, stats, support tickets).
Question: Can OAuth be used in this way? i.e. a user can be authenticated to use all apps (if they have access to that app)?
Ideally all or most of the other apps will be implemented in Ruby or Node.js - so I am hoping I can achieve this with OAuth.
As long as all of your apps run under the same top level domain, it should not be strictly neccessary to use OAuth or similar to obtain a shared session. Instead you could rely on a plain session cookie. You could run some kind of middleware in between your app and the user.
Only if the main app is providing a REST API that you may want to use on various client apps, where some of them run in external environments / domains, making use of OAuth may be relevant.