Multi service with one-login authentication (Single sign-on)


Single sign-on (SSO) is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them. (from Wikipedia)

Now, I have several web services:

  • www.a.com
  • www.b.net
  • www.c.org
  • www.n.it

with several login pages (and logout, register account, recover password... pages), e.g.:

  • www.a.com/login.php
  • www.b.net/login.asp
  • www.c.org/login
  • www.n.it/login

All these pages authenticate users from the same database.

I have a dream: one authentication service, e.g.:

  • www.a.com/login.php --> redirect to --> auth.acme.com/login
  • www.b.net/login.asp --> redirect to --> auth.acme.com/login
  • www.c.org/login --> redirect to --> auth.acme.com/login
  • www.n.it/login --> redirect to --> auth.acme.com/login

I'm trying different solutions, e.g. the SAML protocol with SimpleSAMLphp, but for me SAML is like building a nuclear reactor to power a light bulb. It seems that I am over-engineering something that should be very simple: Single Sign-On (to quote "I Hate SAML!").

The question

I would like a "Single Sign-On" architecture, starting from something simple (e.g. a framework or stack). Is there something like "SAML for dummies"?

Best answer

Since you apparently control both the applications and the authentication system (so you're not tied to a partner who already uses SAML), and you're looking for a simple version of SAML, I'd recommend starting by looking into OpenID Connect: http://openid.net/specs/openid-connect-core-1_0.html.

That's a modern SSO protocol built on REST/JSON instead of XML/XMLDsig/SOAP like SAML is, and there are already a number of implementations out there for various environments that are a lot easier to deploy and manage than SAML implementations: http://openid.net/developers/libraries/

OpenID Connect basically is "SAML for dummies". Any SSO system that you may come up with yourself is not going to be significantly simpler and would not be able to benefit from standard implementations.
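To make the recommendation concrete, here is an added example (not part of the original answer, and not code from any OpenID Connect library) of the two things each site would do in the authorization code flow: build the login redirect to the central service, and validate the ID token that comes back. The `/authorize` path, the `site-a` style client IDs and the use of HS256 with the client secret are assumptions chosen to keep the sketch standard-library only; deployments more commonly verify RS256 signatures against the provider's published keys.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import urlencode

ISSUER = "https://auth.acme.com"    # assumption: issuer identifier of the central service
AUTHORIZE = ISSUER + "/authorize"   # assumption: endpoint path, not given on the page

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def _sign(secret, signing_input):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def build_auth_request(client_id, redirect_uri):
    """Login redirect for one site; keep state and nonce in that user's session."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    query = urlencode({"response_type": "code", "scope": "openid", "client_id": client_id,
                       "redirect_uri": redirect_uri, "state": state, "nonce": nonce})
    return f"{AUTHORIZE}?{query}", state, nonce

def issue_demo_token(claims, secret):
    """Constructed stand-in for the provider, used only to produce sample input."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_sign(secret, head + '.' + body))}"

def validate_id_token(token, client_id, secret, nonce, now=None):
    """Return the claims of an HS256 ID token, or raise ValueError."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_b64d(head)), json.loads(_b64d(body))
        alg, aud, signature = header["alg"], claims["aud"], _b64d(sig)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if alg != "HS256":              # pin the algorithm, so "none" is refused
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(signature, _sign(secret, f"{head}.{body}")):
        raise ValueError("bad signature")
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token issued for another site")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("expired")
    if not hmac.compare_digest(str(claims.get("nonce", "")).encode(), nonce.encode()):
        raise ValueError("nonce mismatch")
    return claims
```

The audience check is what keeps a token issued for one site from being accepted by another, which matters when all the sites share a single login service.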