I’m working on a site which is at the core/ master of a number of sites. We are also responsible for handling the authentication across all the sites under the brand banner.
The client has wanted a single-sign-on operation to be included, so if I was to sign into any of the sites I would be signed into all the sites. We’re handling the child site sign-ins by redirecting to the main site (ours) and executing the login.
It was decided that the SSO would operate via embedding image tags into the page and then calling a page on each child site. This would open a client session to their site so they can set cookies/ do what they want to handle a login.
This works for the most part; it’s been tested on IE7, FF 2 & 3 and they all work. The problem browser at the moment is Safari (and Chrome). Although the images do appear to load, the client session doesn’t seem to be opened; we get no cookies from the child sites set. The problem seems to be WebKit-based browsers, with Safari and Chrome being the problem (I’d presume that Konqueror may suffer the same fate, but at the moment I don’t have a Linux install at my disposal).
Does anyone know a way to have Safari recognise an embedded image tag to an external host as opening a client context? Or can someone provide a better way to do SSO from ASP.NET to site(s) which are not ASP.NET?
Note: yes I am aware there are problems in the SSO concept we’ve done thus far in regards to having images disabled. The solution proposed wasn’t mine, I’m just stuck with it.
It looks like Safari (on my OS X, at least – which should be default settings) and, I assume Chrome, don’t allow 3rd party cookies by default.
Safari->Preferences->Security->Accept Cookies:
o Always
o Never
+ Only From Sites You Navigate To
There’s some AJAX hackery to get your document domain to set the cookie, but I don’t think that’ll really solve your problem here. I think Safari even forbids iframes from setting a 3rd party cookie, unless perhaps you set document.domain (though, if you shared a common domain, you could probably just set the cookie domain and be done with it all).
Short of window.open, or a series of redirects, I can’t really think of much you can do to get around the 3rd party cookie problem – so I’d probably scrap the embedded image trick and start from scratch.
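A redirect-based alternative along the lines the answer suggests, as an added example that is not part of the original thread: the master site signs a short-lived, single-use token per child site and redirects the browser there, so each child verifies the token and sets its own first-party cookie, which keeps the third-party cookie policy out of the picture. The child origins, the /sso/login path, the shared secret and the cookie name are assumptions.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed example secret; in practice each child site gets its own key.
SHARED_SECRET = b"constructed-example-secret-do-not-reuse"
TOKEN_TTL_SECONDS = 60  # tokens live just long enough for one redirect hop

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_token(user: str, audience: str, now=None) -> str:
    """Master side: sign {sub, aud, exp, nonce}; only `audience` will accept it."""
    now = time.time() if now is None else now
    claims = {"sub": user, "aud": audience,
              "exp": int(now) + TOKEN_TTL_SECONDS, "nonce": secrets.token_hex(8)}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    mac = hmac.new(SHARED_SECRET, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(mac)

def verify_token(token: str, audience: str, seen_nonces: set, now=None):
    """Child side: constant-time MAC check, then audience, expiry and replay checks."""
    now = time.time() if now is None else now
    try:
        body, mac = token.split(".", 1)
        expected = hmac.new(SHARED_SECRET, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(mac)):
            return None
        claims = json.loads(_unb64(body))
    except ValueError:  # malformed token, bad base64 or bad JSON
        return None
    if claims.get("aud") != audience or claims.get("exp", 0) < now:
        return None
    if claims.get("nonce") in seen_nonces:  # single use: reject replayed tokens
        return None
    seen_nonces.add(claims["nonce"])
    return claims

def master_redirect(user: str, child_origin: str) -> str:
    """URL the master site sends the browser to for one child hop (hypothetical path)."""
    return child_origin + "/sso/login?" + urlencode({"token": mint_token(user, child_origin)})

def child_login(request_url: str, child_origin: str, seen_nonces: set, now=None):
    """Child handler: returns the first-party session cookie to set, or None to refuse."""
    token = parse_qs(urlparse(request_url).query).get("token", [None])[0]
    claims = verify_token(token, child_origin, seen_nonces, now) if token else None
    return None if claims is None else {"session_user": claims["sub"]}
```

Each child then redirects the browser back to the master (or on to the next child) once its cookie is set, so the whole chain runs as top-level navigations rather than embedded requests.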