SSO, security, signing in and methods (PHP)


I am trying to figure out a secure but simple way for a single sign on.
Master site will be the main login site. Slave site will be the other website / domain.

Would it be secure if there was a login form on the slave site, when the user accesses it, the slave login form will be on a SSL connection. Once the user submits the login form on the slave site login script runs a file_get_contents to the master site (which is also on SSL), eg([super_secret_key]&user=[username]&pass=[password]) and the master site returns a JSON result with their username. If the result is true the slave site starts the session.

I also have in mind that when the user clicks a login button on the slave site it redirects them to the master site, if they are logged in to the master site it will redirect them back to the slave site with JSON details. I’m not sure if I am explaining myself correctly here; have you ever used the login as steam on a website? How it works is basically a user clicks a button on the site and it redirects him or her to the steam api login, once they click login steam redirects them back to the website with some details such as their steam id. How would you go about doing this?


This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.