Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

cross domain scripting / possible with ajax

Status
Not open for further replies.
electricphp

electricphp

Programmer
Feb 20, 2008
71
US
I've been scratching my head for many hours trying to figure out if this is possible.

Basically I have a client who uses a number of different web portals, and he wants a remote login system. Essentially he would log into his site, and we would have a page with links for each one of these portals, once he clicks one of the links, he will be logged into that particular website.

I'm trying to do this by having a set of links at the top of my page that when clicked, load the different portals' login pages in an iframe below the links. These portal login pages would be prepopulated with a username and password (pulled from a database, that's the easy part) and possibly submitted, so all the user has to do is click on the link of the site he wants to go to and he's logged in.

My question is: Is this possible? It doesn't matter if it is complicated, I just need some direction in implementing this remote login system. I would be using Javascript, and PHP
 
Sort by date Sort by votes
Hi

AJAX can only contact the same domain from where its document was loaded. However, there are workarounds, as far as I know, kind of proxy-like server-side request forwarders.

But I would not do that.

If all those domains are hosted on the same machine, maybe there is no need at all. I would think to something like this :
[ul]
[li]each domain has a loginborrower.php[ul]
[li]searches a given domain's database for session with the given id; if found mimics a login[/li][/ul][/li]
[li]the quick login links point to the other domains' loginborrower.php passing their domain name and their own session id as parameter[/li]
[li]on all domains the authentication must check the [tt]REMOTE_ADDRESS[/tt] to be the same as the original[/li]
[/ul]
Of course, all this sounds dangerous, I not analyzed it in details if it really is.


Feherke.
 
Upvote 0 Downvote
This is no good. Your answer assumes that I would have control or access to all the portals' individual files, which I don't.

There must however be a way to do this. What about accessing the login info in FF's remember me feature, if that data can be somehow manipulated.
 
Upvote 0 Downvote
What about accessing the login info in FF's remember me feature, if that data can be somehow manipulated.
Click to expand...

If he's got Fx and the 'remember me' feature enabled, why do you need to write a complex iframe solution anyway? Just use the feature built into Fx!

Dan



Coedit Limited - Delivering standards compliant, accessible web solutions

Dan's Page [blue]@[/blue] Code Couch:
Code Couch Tech Snippets & Info:
 
Upvote 0 Downvote
Feherke, please don't make any assumptions about my goals. You know what they say about assumptions. They make an a.. out off u & me. If you can't help withe the scope of the project, please refrain your comments.

The point of the project is that I have a client who uses a number of portals for his business. He would like a single sign on solution.

If you don't know what that is, you can check out
The idea here is to have a master user that can access all these portals by logging into a main website, which has a database of usernames /passwords.

That way, when his employees go to work, they don't have to log in to 10 million websites, they can just log into one.

Also it would allow him to control what employee has access to what site, by blocking or enabling a specific username and password in the master database.
 
Upvote 0 Downvote
If you want commercial support for josso then pay for it here. Rather than slating feherke for trying to help with your unclear problem, you might thank him for prising the right question out of you at last.

If you want the best response to a question, please check out FAQ222-2244 first.
'If we're supposed to work in Hex, why have we only got A fingers?'
Drive a Steam Roller
 
Upvote 0 Downvote
perhaps the OP was addressing the question to the wrong forum. there is nothing intrinsically difficult about using a server based language to proxy remote site access.

if the remote site permits it, of course. cURL is a good starting point.

but i agree with the various commentators that the rebuttal of Feherke's efforts was wholly unnecessary.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

AlecBS
  • Locked
  • Question
Solution for jscolor AJAX issue
Replies
0
Views
110
AlecBS
AlecBS
penguinspeaks
  • Locked
  • Question
Noob Ajax question
Replies
3
Views
163
Udvikler11
Udvikler11
BobMCT
  • Locked
  • Question
Assist request for onclick event to trigger ajax call?
Replies
1
Views
137
Diancecht
Diancecht
JRB-Bldr
  • Locked
  • Question
AJAX UPDATEPANEL ProgressBar with external TimerControl not working
Replies
9
Views
270
jpadie
jpadie
jimhintz
  • Locked
  • Question
AJAX not populating dropdown in ColdFusion
Replies
6
Views
251
LyndonOHRC
LyndonOHRC

Part and Inventory Search

Sponsor

Back
Top