单点登录，同一服务器上的多个域，rails上的ruby [英] Single sign-on, multiple domains on same server, ruby on rails

问题描述

如果我有一台具有多个域的服务器，那么在同一域上实现单点登录解决方案的首选方法是什么.我目前正在使用devise，在不同的域中放置了几百万个cookie，并且卡住了.除了实施SSO之外，我还需要将各种cookie迁移到中央域.关于各种服务器，它们只有一个页面，要求我根据用户是否登录来显示不同的状态.

If I have a single server with multiple domains, what is the preferred method for implementing a single-sign-on solution on the same domain. I am currently using devise, have a few million cookies in place on separate domains, and am stuck. On top of just implementing SSO, I also need to migrate the various cookies to a central domain. Regarding the various servers, they only have one single page that requires me to show different states depending on whether or not the user is logged in.

我尝试了以下方法:

1. CORS:选择一个域作为中央身份验证中心.从所有其他域进行跨域检查，以查看用户是否已登录.要迁移cookie，请检测是否存在"current_user"对象，将其发送到客户端，进行CORS请求，登录用户并杀死令牌.很棒！但是...在构建2-3周后，它在IE中完全失败.即使是IE11，我也注意到默认设置是禁用此行为.

1. CORS: pick one domain as the central auth hub. From all other domains make cross domain checks to see if the user is logged in. For migrating cookies, detect if there's a "current_user" object, send it to the client, make a CORS request, sign the user in and kill the token. Works Great! BUT... After building it for 2-3 weeks, it TOTALLY FAILS in IE. Even IE11, I'm noticing the default setting is disabling this behavior.

尝试修改会话存储位于

 Rails.application.config.session_store

没有运气.

我目前正在尝试以下方法:

I am currently experimenting with the following:

1. JSONP:我现在有人尝试将上述内容转换为JSONP，而我尝试了其他一些选择:

1. JSONP: I have someone right now trying to convert the above to JSONP instead while I try some other options:

设置自定义OAUTH提供程序.像以前一样，如果此人已登录，它将是中心域"，并返回带有用户可以从中进行请求的令牌的请求域. https://github.com/songkick/oauth2-provider

Set up a custom OAUTH provider. Like before, it will be the "central domain" if the person is signed in, return to the requested domain with a token from which the users can make requests. https://github.com/songkick/oauth2-provider

看着这个，但看起来已经过时了吗? https://github.com/rubycas/rubycas-client .如果我从一开始就将其推出，我也会感到这可能是一个解决方案，但是鉴于我们对项目的投入有多远，我不清楚如何转移现有的Cookie.同样也不清楚这是否需要两个应用程序来启动并运行(一个用于客户端，一个用于身份验证服务器)

Looking at this but it looks outdated? https://github.com/rubycas/rubycas-client. I also get the feeling this could have been a solution if I rolled this out from the get-go, but given how far we are into the project, it's unclear to me how I'd transfer the existing cookies. Also it's unclear if this requires two applications for me to get up and running ( one for client(s), one for auth server)

在我经历所有这些可能性时，如果有人在做我正在做的事情上有任何经验，请务必通知我，并为我节省很多工作:)

As I go through each of these possibilities, if anyone has had any experience doing what I'm doing, please do inform me and save me a whole lot of work :)

推荐答案

除非这是一个玩具应用程序，否则最好的方法可能是设置oauth提供程序.

The best way unless this is a toy app is probably to set up an oauth provider.

为此，我们将 Doorkeeper 与Devise结合使用，效果很好.如果您还不熟悉该策略，但是一旦您了解了其核心概念，那么花一点时间花些时间阅读文档并在youtube上观看一两个话题，就可以了.这个宝石的帮助.

We use Doorkeeper with Devise for this and it works great. It will be worth your time to set a little time aside to read through the documentation and watch a talk or two on youtube if you're not already familiar with the strategy but once you understand the core concepts its actually pretty simple to set up with the help of this gem.

http://railscasts.com/episodes/上有一段快速视频353-oauth-with-doorkeeper

这篇关于单点登录，同一服务器上的多个域，rails上的ruby的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！