Comments on: Using Single Sign-On To Integrate Ning With An External Site http://www.zomo.co.uk/2008/08/using-single-sign-on-to-integrate-ning-with-an-external-site/ Is it done yet? Fri, 26 Feb 2010 21:54:02 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Brad Y http://www.zomo.co.uk/2008/08/using-single-sign-on-to-integrate-ning-with-an-external-site/comment-page-1/#comment-74 Brad Y Tue, 26 May 2009 14:14:08 +0000 http://www.zomo.co.uk/?p=77#comment-74 Nice write up. I'll try and figure it out for my next rails project. Nice write up. I’ll try and figure it out for my next rails project.

]]> By: lemon http://www.zomo.co.uk/2008/08/using-single-sign-on-to-integrate-ning-with-an-external-site/comment-page-1/#comment-66 lemon Wed, 14 Jan 2009 08:29:27 +0000 http://www.zomo.co.uk/?p=77#comment-66 Hi Patrick, You're right - if Ning set a cookie for ning.example.com then www.example.com will not see it. In general, sites sharing a common domain don't need such elaborate SSO since they can just issue a cookie for .example.com which all sub-sites will see. However I wasn't going to alter how Ning was issuing cookies - way too much to break! Our SSO cookie is only shared between sso., www. and shop.example.com. The fully blown SSO setup can deal with sites on disparate domains too, but needs some extra work than what's here - a final "user has SSO cookie, now issue your own" request from the SSO server to the interested site. Hi Patrick,

You’re right – if Ning set a cookie for ning.example.com then http://www.example.com will not see it. In general, sites sharing a common domain don’t need such elaborate SSO since they can just issue a cookie for .example.com which all sub-sites will see.

However I wasn’t going to alter how Ning was issuing cookies – way too much to break! Our SSO cookie is only shared between sso., www. and shop.example.com.

The fully blown SSO setup can deal with sites on disparate domains too, but needs some extra work than what’s here – a final “user has SSO cookie, now issue your own” request from the SSO server to the interested site.

]]> By: Patrick http://www.zomo.co.uk/2008/08/using-single-sign-on-to-integrate-ning-with-an-external-site/comment-page-1/#comment-65 Patrick Sat, 20 Dec 2008 16:16:49 +0000 http://www.zomo.co.uk/?p=77#comment-65 Nicely figured out. I'm trying to figure out a way to make Ning a sensible option for a social platform integrated into our existing site, and this could solve at least one of the problems. BTW I came to think. Isn't the security in cookies, that they can only be accessed from the website (domain) that created them? - So if the Ning network is set to a subdomain (i.e. ning.example.com), won't cookies set by Ning be accessible from all pages on www.example.com, or is there a catch? Nicely figured out. I’m trying to figure out a way to make Ning a sensible option for a social platform integrated into our existing site, and this could solve at least one of the problems.

BTW I came to think. Isn’t the security in cookies, that they can only be accessed from the website (domain) that created them? – So if the Ning network is set to a subdomain (i.e. ning.example.com), won’t cookies set by Ning be accessible from all pages on http://www.example.com, or is there a catch?

]]>