Features:

1. Provides three solutions: Cookie, Session and Ticket. Choose one according to your requirements.
2. Uses a hashed multi-table design to support storage of hundreds of millions of user records.
3. Provides two ways to register: user name and email.
4. Implements secure sign-on using an MD5-hashed password in transmission and HMAC authentication.
5. Automated installation program.
6. Supports multi-language versions.

| | Cookie solution | Session solution | Ticket solution |
|---|---|---|---|
| Approach | - Online user data is stored in the browser cookie.<br>- User data is encrypted in transmission and storage.<br>- Sub-domains share the decryption algorithm and password. | - Online user data is stored on the server side.<br>- Sub-domain applications share the session id of the root domain.<br>- User data is not encrypted.<br>- The web server cluster uses the database or memcached to share user data. | - When the user visits an Application Service (AS), the AS determines whether the user has logged in locally. If not, the AS calls the SSO client API to access the SSO server, passing a digital signature, user_name, and domain information.<br>- When the SSO server receives the information from the client, it first verifies the signature, then determines whether user_name exists in the session. If yes, it returns the session id (as the ticket); otherwise it redirects to the login page.<br>- After the user logs in successfully at the authentication center, the SSO server saves the user data in the session, then jumps back to the application service with the ticket (session id) in the URL.<br>- The SSO client takes the ticket, domain, and signature (the signature encrypted by the ticket) and visits the SSO server. The SSO server authorizes the request first, then returns the encrypted data, called the user token.<br>- User data is encrypted in transmission. The SSO client uses the private key to decrypt the token data.<br>- If the user has already logged in at step 3, skip this step. |
| Advantage | Simple and safe; avoids web server cluster problems such as sharing user data. | Very safe; able to resolve the web server cluster problem. | Cross-domain, very safe. |
| Disadvantage | Not cross-domain; the size of cookie data is limited. | Not cross-domain; a little complicated. | Complicated; needs clients. |
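The server-side check in the Ticket solution, where the SSO client presents ticket, domain and signature, can be sketched as follows. This is an added example, not the project's own code. It assumes per-domain shared keys, HMAC-SHA256 over a `ticket|domain` message, and 60-second single-use tickets (all hypothetical names and values), and it returns the user name where the real server would return the encrypted user token.

```python
import hashlib
import hmac
import secrets
import time

# Assumptions (not from the project): per-domain shared keys, HMAC-SHA256,
# a "ticket|domain" message layout, 60-second single-use tickets.
DOMAIN_KEYS = {  # constructed demo values
    "app.example.test": b"constructed-demo-key-1",
    "other.example.test": b"constructed-demo-key-2",
}
TICKET_TTL = 60


def sign(key: bytes, ticket: str, domain: str) -> str:
    """Client side: HMAC over the ticket and the domain presenting it."""
    msg = f"{ticket}|{domain}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class SSOServer:
    def __init__(self, now=time.time):
        self._tickets = {}  # ticket -> (user_name, domain, expiry)
        self._now = now

    def issue_ticket(self, user_name: str, domain: str) -> str:
        """Called after a successful login; the ticket goes back in the URL."""
        ticket = secrets.token_urlsafe(32)
        self._tickets[ticket] = (user_name, domain, self._now() + TICKET_TTL)
        return ticket

    def redeem(self, ticket: str, domain: str, signature: str):
        """Return user_name for a valid request, None otherwise."""
        key = DOMAIN_KEYS.get(domain)
        if key is None:
            return None  # unknown application domain
        # Verify the signature first, in constant time, before touching state.
        expected = sign(key, ticket, domain)
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return None
        # pop() makes the ticket single-use, so a replayed URL fails.
        entry = self._tickets.pop(ticket, None)
        if entry is None:
            return None
        user_name, issued_for, expiry = entry
        if issued_for != domain or self._now() > expiry:
            return None  # wrong domain or expired ticket
        return user_name
```

Because the signature is checked before the ticket is consumed, a caller without the domain key cannot invalidate a ticket by guessing at it.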