
Basically I just want to know how StackExchange's single sign-on system works.
In the SE network you need to log in only once on one of the websites to be automatically logged in to the other sites upon visiting.

How should I implement such a feature in my own network of sites?

I assume it uses a cookie which resides in the user's browser and then authenticates it with the originating site. If it is legit, it logs the user in automatically.


1 Answer


You have to implement SAML or OAuth2 to allow SSO on your network.

In the case of SAML your child websites will be service providers or resource servers, while you need to set up an identity provider.

The sequence of events will be like this:

1. User hits a URL of the songs website; this site is a resource server and does not handle authentication.
2. To authenticate, the resource server will construct a SAML AuthnRequest, sign it and redirect to the identity provider. The IdP verifies the signature after receiving the AuthnRequest.
3. User will be presented with a login form; the user has to enter login credentials.
4. After user authentication the IdP will generate a SAML token and redirect back to the resource server.
5. The resource server will extract identity information from the SAML token and log the user in with a session or cookie.

It depends upon which technology you are working in; I have implemented it in PHP using SimpleSAMLphp.

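The five steps in the answer above, as an added example that is not part of the original answer and is not SimpleSAMLphp code. Both sides of the exchange are simulated in one Python file using only the standard library: the SP builds an AuthnRequest in the HTTP-Redirect binding (raw DEFLATE, base64, URL-encode, signature over the query string), the IdP verifies the request signature and the registered ACS URL, checks a constructed demo credential, and returns a signed Response with an Assertion; the SP then verifies the signature before reading anything, and checks Issuer, InResponseTo, the validity window and the Audience before binding the NameID to its own session. All entity IDs, URLs, keys and the `alice` account are made up, and XML-DSig is replaced by an HMAC-SHA256 stand-in (a real deployment signs with the SP's and IdP's asymmetric key pairs exchanged via metadata).

```python
"""Simulated SAML 2.0 SP-initiated web SSO. Added example, not from the answer or
SimpleSAMLphp. Every URL, entity ID, key and user below is made up; XML-DSig is
modelled with HMAC-SHA256 so the example runs on the standard library alone."""
import base64, calendar, hashlib, hmac, secrets, time, zlib
import urllib.parse
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

SP_ENTITY_ID = "https://songs.example/sp"        # assumed: the "songs" resource server
ACS_URL = "https://songs.example/saml/acs"       # assumed: where the IdP sends the user back
IDP_ENTITY_ID = "https://idp.example/idp"        # assumed
IDP_SSO_URL = "https://idp.example/sso"          # assumed
SP_KEY = b"sp-signing-key-demo"                  # stand-in for the SP's signing key pair
IDP_KEY = b"idp-signing-key-demo"                # stand-in for the IdP's signing key pair
USERS = {"alice": "correct horse battery staple"}  # constructed demo credential
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


def _sign(key, data):
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def _iso(ts):
    return time.strftime(TIME_FMT, time.gmtime(ts))

def _parse_iso(s):
    return calendar.timegm(time.strptime(s, TIME_FMT))

def sp_build_redirect(now=None):
    """Step 2 (SP side): signed AuthnRequest in the HTTP-Redirect binding.
    Returns (request_id, url); the SP must remember request_id in the user's session."""
    now = time.time() if now is None else now
    req_id = "_" + secrets.token_hex(16)
    authn = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": req_id, "Version": "2.0", "IssueInstant": _iso(now),
        "Destination": IDP_SSO_URL, "AssertionConsumerServiceURL": ACS_URL})
    ET.SubElement(authn, f"{{{SAML}}}Issuer").text = SP_ENTITY_ID
    comp = zlib.compressobj(wbits=-15)           # raw DEFLATE, as the binding requires
    deflated = comp.compress(ET.tostring(authn)) + comp.flush()
    query = urllib.parse.urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    # The redirect binding signs the encoded query string, not the XML itself.
    return req_id, f"{IDP_SSO_URL}?{query}&Signature={_sign(SP_KEY, query.encode())}"

def idp_handle_request(url, username, password, now=None):
    """Steps 2-4 (IdP side): verify the SP's signature, authenticate the user,
    issue a signed Response. Returns (base64 SAMLResponse, signature) for the ACS."""
    now = time.time() if now is None else now
    query = urllib.parse.urlsplit(url).query
    signed_part, _, sig = query.rpartition("&Signature=")
    if not hmac.compare_digest(_sign(SP_KEY, signed_part.encode()), sig):
        raise ValueError("AuthnRequest signature invalid")
    params = dict(urllib.parse.parse_qsl(signed_part))
    authn = ET.fromstring(zlib.decompress(base64.b64decode(params["SAMLRequest"]), -15))
    if authn.findtext(f"{{{SAML}}}Issuer") != SP_ENTITY_ID:
        raise ValueError("AuthnRequest from an unregistered SP")
    if authn.get("AssertionConsumerServiceURL") != ACS_URL:
        raise ValueError("ACS URL not registered for this SP")  # never trust it blindly
    if not hmac.compare_digest(USERS.get(username, "").encode(), password.encode()):
        raise PermissionError("bad credentials")                 # step 3: login form
    resp = ET.Element(f"{{{SAMLP}}}Response", {
        "ID": "_" + secrets.token_hex(16), "Version": "2.0", "IssueInstant": _iso(now),
        "InResponseTo": authn.get("ID"), "Destination": ACS_URL})
    ET.SubElement(resp, f"{{{SAML}}}Issuer").text = IDP_ENTITY_ID
    assertion = ET.SubElement(resp, f"{{{SAML}}}Assertion", {"ID": "_" + secrets.token_hex(16)})
    subject = ET.SubElement(assertion, f"{{{SAML}}}Subject")
    ET.SubElement(subject, f"{{{SAML}}}NameID").text = username
    cond = ET.SubElement(assertion, f"{{{SAML}}}Conditions",
                         {"NotBefore": _iso(now - 60), "NotOnOrAfter": _iso(now + 300)})
    aud = ET.SubElement(cond, f"{{{SAML}}}AudienceRestriction")
    ET.SubElement(aud, f"{{{SAML}}}Audience").text = SP_ENTITY_ID
    body = ET.tostring(resp)
    return base64.b64encode(body).decode(), _sign(IDP_KEY, body)  # detached HMAC stand-in

def sp_consume_response(saml_response_b64, sig, expected_request_id, now=None):
    """Step 5 (SP side): verify the IdP's signature first, then validate the
    assertion and return the NameID to bind to the SP's own session cookie."""
    now = time.time() if now is None else now
    body = base64.b64decode(saml_response_b64)
    if not hmac.compare_digest(_sign(IDP_KEY, body), sig):
        raise ValueError("Response signature invalid")   # reject before trusting any field
    resp = ET.fromstring(body)
    if resp.findtext(f"{{{SAML}}}Issuer") != IDP_ENTITY_ID:
        raise ValueError("Response not from the configured IdP")
    if resp.get("InResponseTo") != expected_request_id:
        raise ValueError("InResponseTo does not match this session's request (replay?)")
    cond = resp.find(f"{{{SAML}}}Assertion/{{{SAML}}}Conditions")
    if not _parse_iso(cond.get("NotBefore")) <= now < _parse_iso(cond.get("NotOnOrAfter")):
        raise ValueError("assertion outside its validity window")
    if cond.findtext(f"{{{SAML}}}AudienceRestriction/{{{SAML}}}Audience") != SP_ENTITY_ID:
        raise ValueError("assertion was issued for another SP")
    return resp.findtext(f"{{{SAML}}}Assertion/{{{SAML}}}Subject/{{{SAML}}}NameID")

def run_sso_flow(username, password):
    """Whole browser round trip: SP redirect -> IdP login -> back to the ACS -> SP session."""
    req_id, redirect_url = sp_build_redirect()
    saml_response, sig = idp_handle_request(redirect_url, username, password)
    return sp_consume_response(saml_response, sig, req_id)
```

`run_sso_flow("alice", "correct horse battery staple")` returns `"alice"`, which the SP would then store in its own session cookie; the same Response presented with a different `InResponseTo`, a bad signature, or after its `NotOnOrAfter` is rejected. Those checks (signature before parsing, InResponseTo, audience, validity window, registered ACS URL) are the ones a SAML library such as SimpleSAMLphp performs for you, and skipping any of them is how SSO integrations usually go wrong.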