
How to login a q2a user from using another domain? (Single Sign-On / Multiple Logins at once)

+6 votes
357 views
asked Aug 10, 2017 in Q2A Core by q2apro
edited Sep 9, 2017 by q2apro

Situation: 

  • Running a q2a forum siteQ.com
  • Running a custom website siteB.com with a custom script for user logins. 
  • I want to get rid of the custom login script. Instead I would like to use the table "qa_users" from siteQ.com (q2a forum) for the login handling.
  • I know already that I can access the q2a db and files from siteB.com via external integration

Wanted: 

1. User does his login on siteB.com using table qa_users (works already with external integration)

2. User coming from siteB.com visits siteQ.com which recognizes the user as logged in.

By the way, you know this login feature from Google and Stackexchange, for instance.


Question: 

How can this be implemented?


I researched already and found on stackoverflow: 1, 2, 3. But probably there is a simpler way within question2answer.

Q2A version: 1.7.4
commented Aug 10, 2017 by q2apro
I thought I could just do from siteB.com: <form method="post" action="https://siteQ.com/login"> BUT the q2a forum expects the security token.
commented Aug 10, 2017 by Scott
Are the 2 domains on the same server?
commented Aug 11, 2017 by q2apro
Yes, full root access and same database.
commented Aug 21, 2017 by q2apro
I think the way to achieve this is by using AJAX. I found an example here and will try to test it soon: https://github.com/0k/multidomain-sso

2 Answers

+2 votes
answered Sep 9, 2017 by q2apro

To report back what solution I implemented: 

1. Created a plugin that is basically a copy of page login.php (e.g. /externallogin/)

2. Plugin receives parameters (email, encrypted password and form security code) by the URL  

3. Plugin processes login, without any redirect or alike.

4. Plugin uploaded to 2 external forums (that use the same userbase as the main site!)

Now: 

5. Core hack of qa-include/pages/login.php to output the IMG embeds which load our external login scripts (plugin!). We encrypt our password to NOT send it as plain text. It is not 100 % safe but better than plain text! And all my sites are running on HTTPS/SSL. The following code comes after $topath = qa_get('to');

// Q2APRO HACK for Multiple Logins (single sign-on)

// first we must encrypt the password so it is not sent as plain text

$encryption_key = '12345678123456781234567812345678'; // your KEY (32 bytes for aes-256-cbc)
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
// options = 0 makes openssl_encrypt return base64, so the ':' separator below
// can never collide with a raw ciphertext byte
$inpassword_encrypted = openssl_encrypt($inpassword, 'aes-256-cbc', $encryption_key, 0, $iv);
$inpassword_encrypted = $inpassword_encrypted . ':' . base64_encode($iv);

// decrypt (done by the externallogin plugin on the receiving site)
// $parts = explode(':', $inpassword_encrypted);
// $decrypted = openssl_decrypt($parts[0], 'aes-256-cbc', $encryption_key, 0, base64_decode($parts[1]));

// URL-encode every value that is placed into the query string
$inpassword_encrypted = urlencode($inpassword_encrypted);
$inemailhandle_encoded = urlencode($inemailhandle);
$formcode = urlencode((string) qa_post_text('code'));

// do multiple login requests using image embeds
// json_encode() quotes and escapes $topath so it cannot break out of the script block
$output = '
<html>
<head>
<script>
function do_redirect()
{
   window.location='.json_encode((string) $topath, JSON_HEX_TAG).';
}
</script>
</head>
<body onload="do_redirect()">
<div style="display:none;">
    <img src="//www.myexternalsiteA.com/externallogin?eh='.$inemailhandle_encoded.'&p='.$inpassword_encrypted.'&c='.$formcode.'"/> 
    <img src="//www.myexternalsiteB.com/externallogin?eh='.$inemailhandle_encoded.'&p='.$inpassword_encrypted.'&c='.$formcode.'"/> 
</div>
</body>
</html>
';

echo $output;
return;

// END HACK


Hope that helps.

There are other ways to achieve single sign on / multiple logins, here are a couple of links that give you some ideas: 
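
Added example, not part of q2apro's answer and not Question2Answer code: one way to do the same hand-off without putting the password in the image URL is for the login site to issue a short-lived, HMAC-signed token that the /externallogin/ plugin verifies. The function names, the shared secret and the `$seen` array (standing in for a per-site table of used token ids) are assumptions made for this sketch.

```php
<?php
// Added example (hypothetical names): hand the login over with a signed,
// short-lived token so the password never appears in a URL.
const SSO_SECRET = 'PLACEHOLDER-long-random-secret-shared-by-all-sites';
const SSO_TTL = 30; // seconds a token stays valid

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Login site: call only after the password was verified locally.
function sso_issue_token(int $userid, string $audience, int $now): string {
    $payload = b64url(json_encode([
        'uid' => $userid,
        'aud' => $audience,                 // host this token is minted for
        'exp' => $now + SSO_TTL,
        'jti' => bin2hex(random_bytes(16)), // one-time id against replay
    ]));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, SSO_SECRET, true));
}

// Receiving site: returns the user id, or null when the token is rejected.
function sso_verify_token(string $token, string $myhost, int $now, array &$seen): ?int {
    $parts = explode('.', $token);
    if (count($parts) !== 2) return null;
    [$payload, $mac] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, SSO_SECRET, true));
    if (!hash_equals($expected, $mac)) return null;       // constant-time compare
    $claims = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($claims)) return null;
    if (($claims['aud'] ?? '') !== $myhost) return null;  // minted for another site
    if (($claims['exp'] ?? 0) < $now) return null;        // expired
    $jti = $claims['jti'] ?? '';
    if ($jti === '' || isset($seen[$jti])) return null;   // already used
    $seen[$jti] = true; // assumption: real code stores this in the site's database
    return (int) $claims['uid'];
}

// Constructed demo values.
$seen  = [];
$now   = time();
$token = sso_issue_token(42, 'www.myexternalsiteA.com', $now);
var_dump(sso_verify_token($token, 'www.myexternalsiteA.com', $now, $seen));       // first use
var_dump(sso_verify_token($token, 'www.myexternalsiteA.com', $now, $seen));       // replay
var_dump(sso_verify_token($token, 'www.myexternalsiteB.com', $now, $seen));       // wrong site
var_dump(sso_verify_token($token . 'x', 'www.myexternalsiteA.com', $now, $seen)); // tampered
```

With this scheme a URL that leaks through server logs or browser history exposes only a token that expires after 30 seconds and is accepted once by one host, rather than a decryptable copy of the password.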

0 votes
answered Dec 27, 2017 by mshah

If you do not want to share your DB with the WordPress installation, you can use one more WordPress installation as a single sign-on server.

E.g.

For us,

We have

https://publicityport.com (WordPress)

https://softwaretestingboard.com (WordPress MultiSite)

https://softwaretestingboard.com/qna (Question2Answer)

https://digitalmarketing.q2a.io (Question2Answer)

All four sites can connect to one common server, https://myaccount.publicityport.com to get the user authorized.

So, users do not really have to create a separate account for all sites. 

For WordPress, you can create a single sign-on client. And for Q2A, you can use the plugin, https://github.com/PublicityPort/q2a-publicityport-login

commented Dec 27, 2017 by Yogendra Basnet
Please don't spam here. It seems you are copying and pasting the same content into the site.
commented Dec 27, 2017 by mshah
It's not spamming. The answer is relevant to questions asked. If you find it spamming, I apologize for the inconvenience.
commented Dec 29, 2017 by q2apro
WordPress was indeed not asked for. That's why Yogendra thinks it is spam. -- Does the plugin above work without dependencies as Single-Sign-On?
commented Dec 29, 2017 by mshah
I understand. But, there is nothing wrong to look at the possible solutions. You can simply make SSO out of any other CMS or framework, if not WordPress.

What I tried to convey is that the solution is possible and I just shared what I have.

You are right, the plugin does not work w/o dependency as SSO. But, I think that is the best possible solution we have right now if you want to scale your site.
commented Dec 29, 2017 by Yogendra Basnet
...trying to clarify. Apologies if I came out harsh.

I know you've been trying to help the community. However, copying and pasting same content in most of the related questions (maybe) seems spam post. It sometimes irritates to see the same thing all around.

http://www.question2answer.org/qa/53210/how-single-sign-sso-with-wordpress-and-either-phpbb-bbpress

http://www.question2answer.org/qa/25176/how-to-use-question2answer-single-sign-on-for-wordpress-site

http://www.question2answer.org/qa/41988/how-to-create-several-q2a-websites-with-single-sign-on

http://www.question2answer.org/qa/59014/login-user-from-using-another-domain-single-multiple-logins
commented Dec 29, 2017 by manish.er
Thank you for pointing that out.
commented Dec 29, 2017 by mshah
I agree with your point. I have removed my answer or edited wherever it's required.

That's the best I can do :)
commented Dec 29, 2017 by Yogendra Basnet
Anyways, thank you for helping the community.