{"id":2574,"date":"2025-08-04T12:22:19","date_gmt":"2025-08-04T12:22:19","guid":{"rendered":"https:\/\/www.devopsconsulting.in\/blog\/?p=2574"},"modified":"2025-08-04T12:22:20","modified_gmt":"2025-08-04T12:22:20","slug":"centralized-authentication-service","status":"publish","type":"post","link":"https:\/\/www.devopsconsulting.in\/blog\/centralized-authentication-service\/","title":{"rendered":"Centralized Authentication Service\u00a0"},"content":{"rendered":"\n

The system we have designed follows a well-established and robust architectural pattern known as the Centralized Authentication Service<\/strong> or Identity Provider (IdP) Model<\/strong>.<\/p>\n\n\n\n

It is a form of microservices architecture where the responsibility of user authentication is completely decoupled from your individual applications and handled by one authoritative service.<\/p>\n\n\n\n

Here is a breakdown of this architecture and its components.<\/p>\n\n\n\n

Core Components of the Architecture<\/h2>\n\n\n\n
\"\"<\/figure>\n\n\n\n
    \n
  1. Identity Provider (IdP):<\/strong>\n
      \n
    • This is your new\u00a0auth.holidaylandmark.com<\/code><\/strong>\u00a0application built with Laravel Passport.<\/li>\n\n\n\n
    • It is the\u00a0single source of truth<\/strong>\u00a0for all user identities, credentials, and master login sessions.<\/li>\n\n\n\n
    • It owns the master\u00a0users<\/code>\u00a0database.<\/li>\n\n\n\n
    • Its only job is to answer one question for other services: “Are these credentials valid?” and “Is this user currently logged in?”. It provides secure API endpoints (\/login<\/code>,\u00a0\/logout<\/code>,\u00a0\/user<\/code>) for this purpose.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
    • Service Providers (SPs):<\/strong>\n
        \n
      • These are your five existing applications: the Laravel dashboard, the two Eventmie sites, the Flarum forum, and the WordPress blog.<\/li>\n\n\n\n
      • In this architecture, the SPs\u00a0no longer manage passwords<\/strong>. They become “clients” of the IdP.<\/li>\n\n\n\n
      • They are responsible for protecting their own pages and resources, but they\u00a0delegate the authentication decision<\/strong>\u00a0to the IdP.<\/li>\n\n\n\n
      • They still maintain a local\u00a0users<\/code>\u00a0table, but it’s used primarily for local data relationships (e.g., to link a blog post to a user ID), not for authentication.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
      • The SSO Cookie (The “Master Key”):<\/strong>\n
          \n
        • This is the technical mechanism that enables the seamless experience.<\/li>\n\n\n\n
        • It is a standard HTTP cookie set by the IdP on the root domain (.holidaylandmark.com<\/code>).<\/li>\n\n\n\n
        • This scope makes it accessible to all your applications.<\/li>\n\n\n\n
        • It is configured to be\u00a0HttpOnly<\/code>\u00a0and\u00a0Secure<\/code>\u00a0to prevent access from client-side scripts and to ensure it’s only transmitted over HTTPS.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
        • The User’s Browser:<\/strong>\n
            \n
          • The browser acts as the passive carrier of the SSO cookie, automatically sending it with every request to any service on the\u00a0holidaylandmark.com<\/code>\u00a0domain.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n

            Key Architectural Principles<\/h2>\n\n\n\n
              \n
            • Decoupling:<\/strong>\u00a0Authentication logic is completely removed (decoupled) from the Service Providers. This means your blog doesn’t need to know how to securely hash and compare passwords; it only needs to know how to ask the IdP. This makes the client applications simpler and more secure.<\/li>\n\n\n\n
            • Centralization:<\/strong>\u00a0All user management and security policies are centralized at the IdP. If you need to implement a new password policy (e.g., require longer passwords), you only have to change it in one place\u2014the IdP\u2014instead of five.<\/li>\n\n\n\n
            • API-Driven Communication:<\/strong>\u00a0The entire system operates via secure, server-to-server API calls. This is what allows you to keep each service’s login page without redirecting to a central one. The communication is invisible to the end-user.<\/li>\n\n\n\n
            • Local User Provisioning:<\/strong>\u00a0When a user logs in to a service for the first time via the IdP, a “stub” user profile is automatically created in that service’s local database. This process, called provisioning, ensures that local data integrity (e.g., foreign keys) is maintained.<\/li>\n<\/ul>\n\n\n\n

              Advantages of this Architecture<\/h2>\n\n\n\n
                \n
              • Seamless User Experience:<\/strong>\u00a0This is your primary requirement. Users log in once and gain access everywhere.<\/li>\n\n\n\n
              • Improved Security:<\/strong>\u00a0By centralizing authentication, you concentrate your security efforts on one hardened service (the IdP) instead of defending five separate applications.<\/li>\n\n\n\n
              • Simplified Management:<\/strong>\u00a0Managing your user base becomes much easier. A user’s account can be disabled or deleted from one central location.<\/li>\n\n\n\n
              • Scalability:<\/strong>\u00a0It’s easy to add a sixth, seventh, or eighth service to this SSO system. You simply teach the new application how to speak to the IdP, without modifying any of the other existing applications.<\/li>\n<\/ul>\n\n\n\n

                Disadvantages of this Architecture<\/h2>\n\n\n\n
                  \n
                • Single Point of Failure:<\/strong>\u00a0This is the most significant drawback. If your Central Auth Service (auth.holidaylandmark.com<\/code>) goes down,\u00a0no one can log in to any part of your platform<\/strong>. This service must be treated as mission-critical and hosted on high-availability infrastructure.<\/li>\n\n\n\n
                • Initial Complexity:<\/strong>\u00a0As you’ve seen from the guides, retrofitting this architecture onto existing applications is a complex initial project, especially regarding data migration.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"

                  The system we have designed follows a well-established and robust architectural pattern known as the Centralized Authentication Service or Identity Provider (IdP) Model. […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2574","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"\nCentralized Authentication Service\u00a0 - DevOps Consulting<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.devopsconsulting.in\/blog\/centralized-authentication-service\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Centralized Authentication Service\u00a0 - DevOps Consulting\" \/>\n<meta property=\"og:description\" content=\"The system we have designed follows a well-established and robust architectural pattern known as the Centralized Authentication Service or Identity Provider (IdP) Model. […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.devopsconsulting.in\/blog\/centralized-authentication-service\/\" \/>\n<meta property=\"og:site_name\" content=\"DevOps Consulting\" \/>\n<meta property=\"article:published_time\" content=\"2025-08-04T12:22:19+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-08-04T12:22:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.devopsconsulting.in\/blog\/wp-content\/uploads\/2025\/08\/image-1-1024x680.png\" \/>\n<meta name=\"author\" content=\"Abhishek Singh\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Abhishek Singh\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.devopsconsulting.in\/blog\/centralized-authentication-service\/\",\"url\":\"https:\/\/www.devopsconsulting.in\/blog\/centralized-authentication-service\/\",\"name\":\"Centralized Authentication Service\u00a0 - DevOps Consulting\",\"isPartOf\":{\"@id\":\"https:\/\/www.devopsconsulting.in\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.devopsconsulting.in\/blog\/centralized-authentication-service\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.devopsconsulting.in\/blog\/centralized-authentication-service\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.devopsconsulting.in\/blog\/wp-content\/uploads\/2025\/08\/image-1-1024x680.png\",\"datePublished\":\"2025-08-04T12:22:19+00:00\",\"dateModified\":\"2025-08-04T12:22:20+00:00\",\"author\":{\"@id\":\"https:\/\/www.devopsconsulting.in\/blog\/#\/schema\/person\/fc397ba8be42f9fdd53450edfc73006f\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.devopsconsulting.in\/blog\/centralized-authentication-service\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.devopsconsulting.in\/blog\/centralized-authentication-service\/#primaryimage\",\"url\":\"https:\/\/www.devopsconsulting.in\/blog\/wp-content\/uploads\/2025\/08\/image-1.png\",\"contentUrl\":\"https:\/\/www.devopsconsulting.in\/blog\/wp-content\/uploads\/2025\/08\/image-1.png\",\"width\":1223,\"height\":812},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.devopsconsulting.in\/blog\/#website\",\"url\":\"https:\/\/www.devopsconsulting.in\/blog\/\",\"name\":\"DevOps Consulting\",\"description\":\"DevOps Consulting | SRE Consulting | DevSecOps Consulting | MLOps Consulting\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.devopsconsulting.in\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.devopsconsulting.in\/blog\/#\/schema\/person\/fc397ba8be42f9fdd53450edfc73006f\",\"name\":\"Abhishek Singh\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.devopsconsulting.in\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/790feefe779852cdf344ca7318bf6c13832223c9b3c6bf4d217658412041026d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/790feefe779852cdf344ca7318bf6c13832223c9b3c6bf4d217658412041026d?s=96&d=mm&r=g\",\"caption\":\"Abhishek Singh\"},\"description\":\"I\u2019m Abhishek, a DevOps, SRE, DevSecOps, and Cloud expert with a passion for sharing knowledge and real-world experiences. I\u2019ve had the opportunity to work with Cotocus and continue to contribute to multiple platforms where I share insights across different domains: \u2022 DevOps School \u2013 Tech blogs and tutorials \u2022 Holiday Landmark \u2013 Travel stories and guides \u2022 Stocks Mantra \u2013 Stock market strategies and tips \u2022 My Medic Plus \u2013 Health and fitness guidance \u2022 TrueReviewNow \u2013 Honest product reviews \u2022 Wizbrand \u2013 SEO and digital tools for businesses I\u2019m also exploring the fascinating world of Quantum Computing.\",\"url\":\"https:\/\/www.devopsconsulting.in\/blog\/author\/abhishek\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Centralized Authentication Service\u00a0 - DevOps Consulting","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.devopsconsulting.in\/blog\/centralized-authentication-service\/","og_locale":"en_US","og_type":"article","og_title":"Centralized Authentication Service\u00a0 - DevOps Consulting","og_description":"The system we have designed follows a well-established and robust architectural pattern known as the Centralized Authentication Service or Identity Provider (IdP) Model. […]","og_url":"https:\/\/www.devopsconsulting.in\/blog\/centralized-authentication-service\/","og_site_name":"DevOps Consulting","article_published_time":"2025-08-04T12:22:19+00:00","article_modified_time":"2025-08-04T12:22:20+00:00","og_image":[{"url":"https:\/\/www.devopsconsulting.in\/blog\/wp-content\/uploads\/2025\/08\/image-1-1024x680.png","type":"","width":"","height":""}],"author":"Abhishek Singh","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Abhishek Singh","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.devopsconsulting.in\/blog\/centralized-authentication-service\/","url":"https:\/\/www.devopsconsulting.in\/blog\/centralized-authentication-service\/","name":"Centralized Authentication Service\u00a0 - DevOps Consulting","isPartOf":{"@id":"https:\/\/www.devopsconsulting.in\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.devopsconsulting.in\/blog\/centralized-authentication-service\/#primaryimage"},"image":{"@id":"https:\/\/www.devopsconsulting.in\/blog\/centralized-authentication-service\/#primaryimage"},"thumbnailUrl":"https:\/\/www.devopsconsulting.in\/blog\/wp-content\/uploads\/2025\/08\/image-1-1024x680.png","datePublished":"2025-08-04T12:22:19+00:00","dateModified":"2025-08-04T12:22:20+00:00","author":{"@id":"https:\/\/www.devopsconsulting.in\/blog\/#\/schema\/person\/fc397ba8be42f9fdd53450edfc73006f"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.devopsconsulting.in\/blog\/centralized-authentication-service\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.devopsconsulting.in\/blog\/centralized-authentication-service\/#primaryimage","url":"https:\/\/www.devopsconsulting.in\/blog\/wp-content\/uploads\/2025\/08\/image-1.png","contentUrl":"https:\/\/www.devopsconsulting.in\/blog\/wp-content\/uploads\/2025\/08\/image-1.png","width":1223,"height":812},{"@type":"WebSite","@id":"https:\/\/www.devopsconsulting.in\/blog\/#website","url":"https:\/\/www.devopsconsulting.in\/blog\/","name":"DevOps Consulting","description":"DevOps Consulting | SRE Consulting | DevSecOps Consulting | MLOps Consulting","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.devopsconsulting.in\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.devopsconsulting.in\/blog\/#\/schema\/person\/fc397ba8be42f9fdd53450edfc73006f","name":"Abhishek Singh","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.devopsconsulting.in\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/790feefe779852cdf344ca7318bf6c13832223c9b3c6bf4d217658412041026d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/790feefe779852cdf344ca7318bf6c13832223c9b3c6bf4d217658412041026d?s=96&d=mm&r=g","caption":"Abhishek Singh"},"description":"I\u2019m Abhishek, a DevOps, SRE, DevSecOps, and Cloud expert with a passion for sharing knowledge and real-world experiences. I\u2019ve had the opportunity to work with Cotocus and continue to contribute to multiple platforms where I share insights across different domains: \u2022 DevOps School \u2013 Tech blogs and tutorials \u2022 Holiday Landmark \u2013 Travel stories and guides \u2022 Stocks Mantra \u2013 Stock market strategies and tips \u2022 My Medic Plus \u2013 Health and fitness guidance \u2022 TrueReviewNow \u2013 Honest product reviews \u2022 Wizbrand \u2013 SEO and digital tools for businesses I\u2019m also exploring the fascinating world of Quantum Computing.","url":"https:\/\/www.devopsconsulting.in\/blog\/author\/abhishek\/"}]}},"_links":{"self":[{"href":"https:\/\/www.devopsconsulting.in\/blog\/wp-json\/wp\/v2\/posts\/2574","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsconsulting.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsconsulting.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsconsulting.in\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsconsulting.in\/blog\/wp-json\/wp\/v2\/comments?post=2574"}],"version-history":[{"count":1,"href":"https:\/\/www.devopsconsulting.in\/blog\/wp-json\/wp\/v2\/posts\/2574\/revisions"}],"predecessor-version":[{"id":2576,"href":"https:\/\/www.devopsconsulting.in\/blog\/wp-json\/wp\/v2\/posts\/2574\/revisions\/2576"}],"wp:attachment":[{"href":"https:\/\/www.devopsconsulting.in\/blog\/wp-json\/wp\/v2\/media?parent=2574"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsconsulting.in\/blog\/wp-json\/wp\/v2\/categories?post=2574"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsconsulting.in\/blog\/wp-json\/wp\/v2\/tags?post=2574"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}