I'm trying to set up a single sign-on for my intranet. I've found a couple solutions online but I'm not sure if they apply to my particular situation.
I have several subdomains on the same server. One level of user should be able to access all subdomains and another level of user should only be able to access some subdomains.
Signing into one subdomain should make it so you don't have to log into any others.
Can anyone point me in the right direction? I'm on Ubuntu using Apache.
I'm not 100% sure of the solution, but I'm fairly certain you can run an LDAP server and have Apache authenticate to it through the use of mod_ldap. You might want to scope out this article to see if it's what you want:
http://www.linux.com/archive/feature/120050
From there you should be able to create user groups in LDAP and configure Apache to reflect group access for different folders.
Fair warning, I've never actually done this before, so it might not be what you want.
Also, it looks like Apache now has its own directory server project. I've only ever used Fedora-DS (now 389-DS), but it should be pretty similar:
http://directory.apache.org/
How will you authenticate your users? PHP/MySQL? If so, you could just use cookies.
Here is what I propose (situation of strictly Intranet - subdomains of the same web domain):
On the identity provider, after the main authentication code, call a method that:
After the method returns, set the cookie for the subdomain.
On the identity consumer service:
This is easier to set up than OAuth, LDAP, etc., but will work only with the subdomains, given that cookies cannot cross domain bounds.
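
One possible shape for the cookie approach in the answer above, as an added example that is not the poster's code (the steps of their method are not shown on the page): the identity provider issues an HMAC-signed token in a cookie scoped to the parent domain, and each subdomain verifies it and checks the user's tier. The domain `intranet.example`, the key, the tier names, the subdomain map and the use of HTTPS (`Secure`) are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumptions for illustration (none of these values come from the thread).
PARENT_DOMAIN = "intranet.example"
SECRET_KEY = b"constructed-demo-key"  # load from a secret store in practice
TIER_SUBDOMAINS = {"full": {"wiki", "hr", "finance"}, "limited": {"wiki"}}
MAX_AGE = 8 * 3600  # seconds


def _sign(payload):
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest().encode()


def issue_token(user, tier, now=None):
    """Identity provider: call after the normal login check has succeeded."""
    if tier not in TIER_SUBDOMAINS:
        raise ValueError("unknown tier")
    exp = int(time.time() if now is None else now) + MAX_AGE
    body = json.dumps({"u": user, "t": tier, "exp": exp}).encode()
    payload = base64.urlsafe_b64encode(body)
    return (payload + b"." + _sign(payload)).decode()


def set_cookie_header(token):
    # Domain= is what makes the browser send the cookie to every subdomain.
    return (f"Set-Cookie: sso={token}; Domain={PARENT_DOMAIN}; Path=/; "
            f"Max-Age={MAX_AGE}; Secure; HttpOnly; SameSite=Lax")


def check_access(token, host, now=None):
    """Identity consumer: return the user name if host is allowed, else None."""
    payload, sep, sig = token.encode().partition(b".")
    if not sep or not hmac.compare_digest(_sign(payload), sig):
        return None  # missing, truncated or forged signature
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if claims["exp"] <= (time.time() if now is None else now):
        return None  # expired
    label, _, parent = host.lower().partition(".")
    if parent != PARENT_DOMAIN:
        return None  # cookie presented for a host outside the intranet
    if label not in TIER_SUBDOMAINS.get(claims["t"], ()):
        return None  # tier is not allowed on this subdomain
    return claims["u"]
```

Every subdomain that verifies the cookie must hold the same key, so a compromise of any one of them lets an attacker mint tokens for all of them.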