How to set up user authentication over multiple sites

by nguyen — published Sep 28, 2009 10:57 PM, last modified Aug 16, 2016 10:50 AM

Culley Smith wrote at 2009-9-23 11:36 -0500:
I have multiple (4) Plone sites running on the same Zope installation. I
would like to allow users who are logged into one Plone site stay logged in
across any of these sites. Specifically, my staff. Right now, they log in
to each site separately, but this Group has the same permission levels,
usernames, and passwords across the sites. My goal is to have them only log
in once, then be authenticated across all sites.

My question is whether there is one Plone authentication method that is
better suited to this task than others.

As usual, you have several options -- each with advantages and disadvantages:

* Probably the cleanest way is to integrate SSO -- e.g. based on
"OpenId" or "CAS".

Drawbacks: login is removed from your portal and delegated to
a central instance.

* The behaviour you wish for would be normal if the "session" plugins
of your sites used the same key set (and all sites lived
in the same domain).

Thus, you can override the "ISession" adaptation for the "session"
plugin and ensure that they all use the same key set.

Drawbacks: a bit magic and a potential security risk (all
users shared by two sites can switch between these sites
and remain authenticated, even when they are in fact different
people -- but you called for precisely this feature!)

* Activate the "cookie auth handler"'s "UpdateCredentials" plugin.
This will advertise username and password as a cookie
and allow authentication based on this cookie value.

This, too, requires that all your sites are accessed from the
same domain.

Drawbacks: Passwords are out in cookies (quite easily readable)
and can be stolen.

There are probably further options....
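An added illustration of the second and third options, not plone.session's or PAS's own code: it assumes a simplified mod_auth_tkt-style ticket (HMAC-SHA256 over timestamp and user id, keyed with a per-site secret standing in for the key set; not the plugin's real format) to show that a ticket is honoured by exactly the sites sharing that key, and it assumes a base64 `login:password` cookie for the UpdateCredentials case to show why that option exposes passwords.

```python
import base64
import hashlib
import hmac
import time


def make_ticket(secret, userid, now=None):
    """Build a ticket '<8-hex-digit timestamp><hex HMAC>!<userid>' signed with a site's key."""
    ts = int(time.time()) if now is None else now
    digest = hmac.new(secret, f"{ts:08x}{userid}".encode(), hashlib.sha256).hexdigest()
    return f"{ts:08x}{digest}!{userid}"

def validate_ticket(secret, ticket, timeout=3600, now=None):
    """Return the user id if `ticket` was signed with `secret` and is still fresh, else None."""
    try:
        head, userid = ticket.split("!", 1)
        ts, digest = int(head[:8], 16), head[8:]
    except ValueError:
        return None  # malformed ticket
    expected = hmac.new(secret, f"{ts:08x}{userid}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(digest, expected):
        return None  # signed under a different key set (another site's ticket) or tampered
    current = int(time.time()) if now is None else now
    if current - ts > timeout:
        return None  # expired
    return userid

def sites_accepting(ticket, site_secrets, now=None):
    """List the sites that honour a ticket: every site sharing the key set does, none other."""
    return [site for site, key in site_secrets.items() if validate_ticket(key, ticket, now=now)]

def credential_cookie(login, password):
    """Assumed shape of an UpdateCredentials-style cookie: base64 of login:password, no secret."""
    return base64.b64encode(f"{login}:{password}".encode()).decode()

def read_credential_cookie(cookie):
    """Anyone holding the cookie recovers the password: base64 is encoding, not encryption."""
    login, password = base64.b64decode(cookie).decode().split(":", 1)
    return login, password


if __name__ == "__main__":
    # Constructed sample: two sites share a key set, a third has its own.
    shared, own = b"constructed-shared-keyring-secret", b"constructed-other-site-secret"
    ticket = make_ticket(shared, "staff1")
    print(sites_accepting(ticket, {"siteA": shared, "siteB": shared, "siteC": own}))  # ['siteA', 'siteB']
    print(read_credential_cookie(credential_cookie("staff1", "s3cret")))  # ('staff1', 's3cret')
```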


