Re: lwp and IFRAME

I have seen something I think is very close to what you want. The user logs in to HostA (W2k). HostA does authentication over SSL. HostA sends a domain cookie (.mydomain.com) to the user containing a long unique string (many characters). If the user connects to HostB (linux) the browser sends the cookie to HostB which in turn sends the cookie value back to HostA (via LWP) for validation.

HostA returns a short http message to HostB with an indication that the auth succeeded (or not).

You'll of course need to protect the directories you want protected (e.g. with .htaccess under Apache). You may want to make the cookie values "one-time" or associate other info with their use depending on what you are trying to do.

--traveler

Comment on Re: lwp and IFRAME

Replies are listed 'Best First'.
Re: Re: lwp and IFRAME by novitiate (Scribe) on May 17, 2001 at 19:56 UTC
I was remiss in leaving out some details: 1.) The apps in the IFRAMEs don't belong to me and I have no influence on the design of those servers. 2.) The login at HostA is arbitrary and slightly irrelevant; It's kind of like, I have subscriptions to four commercial sites that use Basic/SSL validation and I want to condense the logins into a single one of my choosing. I hope that explains it a little better. humbly, novitiate	[reply]
Re: Re: Re: lwp and IFRAME by traveler (Parson) on May 17, 2001 at 23:13 UTC
Ahhh, then on portal you'll have to save the login info somewhere and supply it to the other hosts. I think the key that you need to know is how to use basic auth. Does something like this not work for you? `my $req = new HTTP::Request('GET', $url_1); $uid = 'user1'; $pass = 'pass1'; $req->authorization_basic($uid, $pass);` [download] --traveler	[reply] [d/l]