Single Sign-on Between Domains

You can use Single Sign-on (SSO) between domains when you have different sites in two different sub-domains within the same second-level domain. This topic assumes that you understand the terminology of the DNS domain namespace. For information about the DNS Domain Namespace, see Overview of the DNS Namespace.

To implement multi-domain, single login support, you must share cookies between domains using their domain property. This works only if the domains have common top-level and second-level domain names. For example, the top-level domain name for microsoft.com is .com, and the second-level domain name for microsoft.com is microsoft.com. Therefore, premier.microsoft.com and msdn.microsoft.com both share the same top-level and second-level domain names and can share cookies.

Note

  • When sharing cookies between domains, you must share at least two domain levels. However, you can share more than two domain levels.

Two domains such as microsoft.com and microsoft.uk cannot share cookies because their top-level domain names (in this case .com and .uk) are dissimilar. In this scenario, the user is required to log in again when switching between these domains.
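The sharing rule above, as an added Python example (not code from this documentation or from the product it describes): it finds the narrowest domain that every participating host falls under, refuses when fewer than two levels are shared, and builds the matching Set-Cookie value. The function names, the cookie name and value, the shop.example.com hosts, and the Secure and HttpOnly attributes are assumptions made for the illustration.

```python
from http.cookies import SimpleCookie

# The page's rule: at least the top-level and second-level names must match.
MIN_SHARED_LEVELS = 2


def shared_cookie_domain(hosts):
    """Return the narrowest domain all hosts share, or None if under two levels."""
    # Compare labels right to left: "msdn.microsoft.com" -> ["com", "microsoft", "msdn"].
    label_lists = [h.lower().rstrip(".").split(".")[::-1] for h in hosts]
    shared = []
    for labels in zip(*label_lists):
        if len(set(labels)) != 1:
            break
        shared.append(labels[0])
    if len(shared) < MIN_SHARED_LEVELS:
        return None  # e.g. microsoft.com vs microsoft.uk: the user logs in again
    return ".".join(reversed(shared))


def sso_set_cookie(name, value, hosts):
    """Build a Set-Cookie value scoped to the shared domain, or None."""
    domain = shared_cookie_domain(hosts)
    if domain is None:
        return None
    cookie = SimpleCookie()
    cookie[name] = value
    # Scoping to the narrowest shared domain keeps the ticket away from
    # unrelated sibling hosts under the same second-level domain.
    cookie[name]["domain"] = domain
    cookie[name]["path"] = "/"
    # Assumption, not from the page: restrict the cookie to HTTPS and hide it from script.
    cookie[name]["secure"] = True
    cookie[name]["httponly"] = True
    return cookie[name].OutputString()


if __name__ == "__main__":
    # Constructed sample input.
    print(sso_set_cookie("ticket", "constructed-ticket",
                         ["premier.microsoft.com", "msdn.microsoft.com"]))
```

The two-level check only counts labels; it does not consult a public suffix list, so registries that delegate at the second level need separate handling.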

To enable an SSO capability between domains with differing top-level domain names, you can use Passport integration. For more information about Passport integration, see Integrating with Passport.

To enable single sign-on support between domains, see one of the following topics:

Copyright © 2005 Microsoft Corporation.
All rights reserved.