This plugin enables single sign-on between a Rails application and any number of WordPress installations. You can view an
online demo showing a Rails app integrated with a WordPress app.
The key idea of the Integration API is to add a web services API into the existing Rails application, which allows one or more 3rd party apps to get the information they need, when they need it.
The API code can be added to any Rails app without modification. The Rails app stays in control of all sign-in and sign-out functions.
The 3rd party app, such as WordPress, is installed in a subdirectory of the Rails app on the same host. Alternatively, it can be installed running on a different port. These configurations will allow it to access the Rails cookie, which it needs to do to verify that the current user is logged in.
This plugin gives the administrator a couple of options about how the tight the integration should be (see the screenshots):
- Single sign-on This can be switched on or off. When on, WordPress will check the user’s Rails login state on every page view, and update the WordPress cookie and login state automatically. When off, the user will need to explicitly click the WordPress login and logout links.
- Automatically create new users This can also be switched on and off. It determines what happens when a user, logged in to Rails, first accesses WordPress. It allows the administrator to maintain manual control of who has login access, vs. allowing all Rails users to have login access to WordPress.
- Be sure that the Rails side is set up and working. Instructions for this are in the readme file for it. Download links are at the Integration API home page.
- Unzip this plugin folder and copy the integration-api subfolder to your WordPress’s plugin directory.
- Activate the plugin through the ‘Plugins’ menu in WordPress.
- Configure the settings according to the prompts in the ‘Integration API’ settings tab.
What about CAS?
CAS is definitely another option. The best choice for you will depend on your development needs. CAS was designed to enable single sign-on (SSO) across an enterprise. On the other hand, this plugin was designed to allow a WordPress blog to transparently appear to be part of a Rails app. So there’s a lot of overlap, and a few differences. CAS has a couple of benefits over the plugin:
- It enables single sign-on between web apps running on different machines, whereas this plugin requires WordPress to be on the same webserver and have read access to Rails’ session cookie.
- CAS is a standardized protocol, and is probably implemented by a wide variety of enterprise software.
And this plugin has a couple of advantages over CAS:
- It supports OpenID as the back-end authorization — that’s how I use it, and you can see this in the screenshots. This plugin is completely ‘agnostic’ as to how the real authentication is performed by the Rails app, whereas CAS is generally tied to the ‘username/password’ concept. CAS can theoretically be used with OpenID as the back end, but this is either ‘on hold’ (Ruby CAS server), or appears fairly complex to configure (ja-sig CAS server).
- This plugin plus its corresponding Rails app seems to be easier to configure than a CAS client/server pair: On the Rails side, one controller needs to be dropped into the app, and a few constants set. CAS requires more configuration, plus another server to be running.
Contributors & Developers
“Rails Integration API” is open source software. The following people have contributed to this plugin.