Ticket #1106 (new task)

Opened 9 years ago

[S] Test Authentication Services with wildcard cookie domain

Reported by: pjkersha
Owned by: pjkersha
Priority: required
Milestone: CMIP5 Security
Component: security
Version:
Keywords: Security, cookies
Cc:

Description

Get security working with wildcard cookie domains so that multiple hosts in the same top-level CEDA domain can use the same OpenID sign-in app.

The security system uses an OpenID RP endpoint running over HTTPS so that OpenID and SSL client authentication can be supported in parallel. These services set a cookie once authentication has succeeded. This is visible to the client service running over HTTP as they share the same domain. If a wildcard cookie, e.g. *.ceda.ac.uk, can be set, services running over multiple subdomains could be supported.

An alternative may be to run HTTPS with an SSL certificate using multiple SubjectAltNames so that more than one domain can be supported.
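
The cookie scoping described in this ticket, as an added example that is not part of the original ticket or the project's code: a minimal model of RFC 6265 domain matching showing which requests carry a cookie set by the HTTPS RP. The hostnames auth.ceda.ac.uk, data.ceda.ac.uk and myceda.ac.uk are constructed, and a Domain attribute of .ceda.ac.uk stands in for the ticket's *.ceda.ac.uk.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Cookie:
    origin_host: str        # host whose response set the cookie
    domain: Optional[str]   # Domain attribute; None means a host-only cookie
    secure: bool            # Secure attribute

def domain_match(host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3 domain matching (IP-address hosts not handled)."""
    host = host.lower().rstrip(".")
    cookie_domain = cookie_domain.lower()
    if cookie_domain.startswith("."):
        cookie_domain = cookie_domain[1:]   # a leading dot is ignored
    # Match must fall on a label boundary, so "myceda.ac.uk" does not match.
    return host == cookie_domain or host.endswith("." + cookie_domain)

def sent_to(cookie: Cookie, scheme: str, host: str) -> bool:
    """Would a browser attach this cookie to a request for scheme://host/ ?"""
    if cookie.domain is not None and not domain_match(cookie.origin_host, cookie.domain):
        return False    # Domain does not cover the setting host: cookie rejected
    if cookie.secure and scheme != "https":
        return False    # Secure cookies never travel over plain HTTP
    if cookie.domain is None:
        return host.lower() == cookie.origin_host.lower()
    return domain_match(host, cookie.domain)

# Constructed hostnames: auth.* stands for the HTTPS OpenID RP, data.* for an
# HTTP client service on another subdomain.
RP = "auth.ceda.ac.uk"
COOKIES = {
    "host-only": Cookie(RP, None, secure=False),
    "domain": Cookie(RP, ".ceda.ac.uk", secure=False),
    "domain+secure": Cookie(RP, ".ceda.ac.uk", secure=True),
    "foreign-domain": Cookie(RP, "example.org", secure=False),
}
REQUESTS = [("http", "data.ceda.ac.uk"), ("https", "data.ceda.ac.uk"),
            ("http", "myceda.ac.uk"), ("http", "example.org")]

def visibility():
    """Map cookie label -> list of request URLs that would carry the cookie."""
    return {label: [f"{s}://{h}" for s, h in REQUESTS if sent_to(c, s, h)]
            for label, c in COOKIES.items()}

if __name__ == "__main__":
    for label, urls in visibility().items():
        print(f"{label:15} -> {urls or 'not sent'}")
```

The domain+secure row shows the trade-off in this design: once the Secure attribute is set, the client service running over HTTP no longer receives the cookie.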
