Single Sign-On / Multiple Servers.

Has anyone out there done any work w/ this, or have ideas on how to handle the problem? A more specific description being as such...

Using Basic Authentication, my server prompts the client for a login.  The user actually uses a 'third partry' login which I map, using an ISAPI Filter and SQL Server, to a valid NT account.  On all subsequent requests when the client receives a 401 error, it automatically sends off the login info it has cached, thus the user isn't repeatedly prompted for the login info.  This all works like a charm.

Now I'd like to add another web server, running its own copy of the filter and authenticating against the same SQL Server db.  However, when the user links to the new server and receives the 401 error it won't automatically send off its cached login info for the initial authentication.  But I don't want the user to have to enter their login info again.  ( Always looking out for the user, ya' know? )

Is there a way to have the initial server share information w/ the client - through a response header, redirection, etc. - regarding the other server(s) w/in my 'protected cluster', which will allow the client to automatically send off its login info as it encounters each 401 error, w/out reprompting the user.  I guess this would almost be like creating some sort of 'distributed session' or something - for lack of better terminology.

Also, although I'm only using Basic Authentication right now, there plans to move onto SSL3 client and server certificates in the near future.  So if a solution would involve use of said technology, please feel free to elaborate that.

thanks in advance

Michael G. Xenakis		PLATINUM technology, inc.
voice: 800.526.9096 x3007	page: 800.555.7017

"There is only one thing of which you can be certain, the sun will rise in the
East and set in the West.  Should you find that's not the case, then I'd advise
you face the other direction!"

Received on Friday, 5 December 1997 17:46:25 UTC