×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

cross domain scripting / possible with ajax

cross domain scripting / possible with ajax

cross domain scripting / possible with ajax

(OP)
I've been scratching my head for many hours trying to figure out if this is possible.

Basically I have a client who uses a number of different web portals, and he wants a remote login system. Essentially he would log into his site, and we would have a page with links for each one of these portals, once he clicks one of the links, he will be logged into that particular website.  

I'm trying to do this by having a set of links at the top of my page that when clicked, load the different portals' login pages in an iframe below the links.  These portal login pages would be prepopulated with a username and password (pulled from a database, that's the easy part) and possibly submitted, so all the user has to do is click on the link of the site he wants to go to and he's logged in.

My question is: Is this possible? It doesn't matter if it is complicated, I just need some direction in implementing this remote login system.  I would be using Javascript, and PHP

RE: cross domain scripting / possible with ajax

Hi

AJAX can only contact the same domain from where its document was loaded. However, there are workarounds, as far as I know, kind of proxy-like server-side request forwarders.

But I would not do that.

If all those domains are hosted on the same machine, maybe there is no need at all. I would think to something like this :
  • each domain has a loginborrower.php
    • searches a given domain's database for session with the given id; if found mimics a login
  • the quick login links point to the other domains' loginborrower.php passing their domain name and their own session id as parameter
  • on all domains the authentication must check the REMOTE_ADDRESS to be the same as the original
Of course, all this sounds dangerous, I not analyzed it in details if it really is.
 

Feherke.
http://rootshell.be/~feherke/

RE: cross domain scripting / possible with ajax

(OP)
This is no good.  Your answer assumes that I would have control or access to all the portals' individual files, which I don't.

There must however be a way to do this.  What about accessing the login info in FF's remember me feature, if that data can be somehow manipulated.  

RE: cross domain scripting / possible with ajax

Hi

Fortunately such data can not be accessed directly by scripts.

Anyway, that would not help more in your cross domain circumstances.

Feherke.
http://rootshell.be/~feherke/

RE: cross domain scripting / possible with ajax


Quote:

What about accessing the login info in FF's remember me feature, if that data can be somehow manipulated.

If he's got Fx and the 'remember me' feature enabled, why do you need to write a complex iframe solution anyway? Just use the feature built into Fx!

Dan

 

Coedit Limited - Delivering standards compliant, accessible web solutions

Dan's Page @ Code Couch: http://www.codecouch.com/dan/

Code Couch Tech Snippets & Info: http://www.codecouch.com/
 

RE: cross domain scripting / possible with ajax

Hi

Quote (Dan):

If he's got Fx and the 'remember me' feature enabled
I am afraid electricphp would like to have siteA's login form's data used by siteB's login form.

Feherke.
http://rootshell.be/~feherke/

RE: cross domain scripting / possible with ajax

(OP)
Feherke, please don't make any assumptions about my goals. You know what they say about assumptions. They make an a.. out off u & me. If you can't help withe the scope of the project, please refrain your comments.

The point of the project is that I have a client who uses a number of portals for his business. He would like a single sign on solution.

If you don't know what that is, you can check out http://www.josso.org/

The idea here is to have a master user that can access all these portals by logging into a main website, which has a database of usernames /passwords.

That way, when his employees go to work, they don't have to log in to 10 million websites, they can just log into one.

Also it would allow him to control what employee has access to what site, by blocking or enabling a specific username and password in the master database.

RE: cross domain scripting / possible with ajax

If you want commercial support for josso then pay for it here. Rather than slating feherke for trying to help with your unclear problem, you might thank him for prising the right question out of you at last.

If you want the best response to a question, please check out FAQ222-2244: How to get the best answers first.
'If we're supposed to work in Hex, why have we only got A fingers?'
Drive a Steam Roller  

RE: cross domain scripting / possible with ajax

perhaps the OP was addressing the question to the wrong forum.  there is nothing intrinsically difficult about using a server based language to proxy remote site access.

if the remote site permits it, of course.   cURL is a good starting point.

but i agree with the various commentators that the rebuttal of Feherke's efforts was wholly unnecessary.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login


Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close