We're about to start allowing our users to point their own domains at their profile pages on our website, but I've run into a problem that I can't seem to get around.
We need to make sure that when any user who is logged into the main domain visits one of these custom domains that they are going to be logged in on this site too. I've been reading about a few different approaches. SSO, CAS, OAuth... but I'm not really sure if any of these fits what I need.
I'd love to hear some opinions on it.
CAS is a SSO, it means that you will authenticate only once (just for the first app) and then you will access all app without re-authenticating. For every app in the "CAS galaxy", you'll get the profile of the authenticated user (a set of user attributes defined according to the app). The main advantages of CAS are its simplicity and its efficiency. I think it meets your needs. OAuth is about authorization : it means you will need to authenticate and authorize, which generally leads to login page for authentication and confirmation screen for authorization.