I am trying to find a way to implement full-blown SSO using OpenID so that the user does not need to enter anything into a new site in the SSO.
I deleted all cookies and started experimenting.
- Logged on to stackoverflow.com
- I looked at Fiddler and saw that stackauth.com was linking to the file
- Started a search to see what stackauth.com is, and ended up at stackapps.com
- I was APPLIED and registered at stackapps.com!
To repeat, I deleted all cookies at the beginning. Can someone explain to me the SSO that stackoverflow uses, because I want to build SSO for sites in different domains? Maybe a link, if it is already explained somewhere.
Just checked. I went to SuperUser.com and was not initially registered, but a moment later it was shown at the top that I was logged in and updated this page.
Global network auto-login
How does it technically work (if it's not a secret :))?
Update
It was mentioned that HTML5 local storage is key.
But let's say I have no problem redirecting all my users to some central Auth site. What should I store in the cookie of this site? How do I get user information, do I need to write some kind of API? I would prefer not to write my own API, so that I do not need to solve all the security problems. I would rather use something existing, such as OpenID.