I need to develop some private web services , so I need a way to authenticate users so that each service can find out if the request is valid and supports some session states.
I would like to have a central authentication service with some simple operations like " logIn (login, password) " (which uses a directory, for example LDAP ), isValidSession (sessionID) "and" logOut (sessionID) ". The login operation should generate a session identifier or something similar that will allow the user to communicate with other services using this token.
Then, when the user tries to use the operation:
- the user provides his session identifier as the last parameter,
- the operation requests the authentication server if the provided identifier is valid,
- if so, the operation retrieves user session information,
- the operation continues and returns the result.
Are there standard templates and technologies for managing this scenario?
Thanks in advance for your help.
source
share