Hello Everyone,
I need to implement single sign on across serveral applications. Some
applications are under my control while others are under the control of 3rd
parties.
Can anyone suggest a good SSO solution?
We'll be primarily integrate .NET sites - but Java/PHP/etc are not out of
the question either. Our authentication store will be a database - but in
the future we may use LDAP or Active Directory.
Sites may authenticate against different databases - what I mean by this is
that one server may host multiple applications, each application has it own
authentication criterias.
Applications are hosted locally as well as remotely - perhaps under
different domain names too.
Any good suggestions? I've used Sun One Identity, but it seems to be
overkill for us and it wasn't very reliable.
Any other products you guys can recommend?
Thanks!
5  2535 
I'm not sure the totality of your requirements, but you might have a look at
Pubcookie, an open-source production of the great University of Washington
in Seattle. The project includes modules that plug into IIS (an ISAPI
filter) and Apache, so you are not bound to one platform. If you have a
mechanism for keying people uniquely, Pubcookie should be able to enforce
identity reliably. Client server machines plugging into the system are
positively identified to the mother ship (the keyserver for the works) by
cert.
See here: http://www.pubcookie.org/ http://en.wikipedia.org/wiki/Pubcookie
I have nothing to do with the development of Pubcookie, but I have
implemented it on several UW servers and have found it simple and reliable
once setup is complete. The developers for the project are actively
iterating things and seem pretty darn smart to me.
-KF
"Spam Catcher" <sp**********@r ogers.comwrote in message
news:Xn******** *************** ***********@127 .0.0.1...
Hello Everyone,
I need to implement single sign on across serveral applications. Some
applications are under my control while others are under the control of
3rd
parties.
Can anyone suggest a good SSO solution?
We'll be primarily integrate .NET sites - but Java/PHP/etc are not out of
the question either. Our authentication store will be a database - but in
the future we may use LDAP or Active Directory.
Sites may authenticate against different databases - what I mean by this
is
that one server may host multiple applications, each application has it
own
authentication criterias.
Applications are hosted locally as well as remotely - perhaps under
different domain names too.
Any good suggestions? I've used Sun One Identity, but it seems to be
overkill for us and it wasn't very reliable.
Any other products you guys can recommend?
Thanks!
<ke*****@nospam .nospamwrote in
news:Oq******** ******@TK2MSFTN GP04.phx.gbl:
I have nothing to do with the development of Pubcookie, but I have
implemented it on several UW servers and have found it simple and
reliable once setup is complete. The developers for the project are
actively iterating things and seem pretty darn smart to me.
Thanks for the link - PubCookie is the sort of SSO solution I'm looking
for (relatively simple and cross-platform).
From your experience, is pubcookie able to authorize against multiple
login servers (all apps below are hosted on 1 physical server)? For
example:
Application A authorizes against Login Server 1
Application B authorizes against Login Server 2
Application C authorizes against Login Server 1
Basically apps A and C are part of a larger solution while application B
belongs to another solution. Each app will probably setup as a virtual
directory or a directory under the root of the server.
Also, apps are potentially cross domain ( www.mycustomer.com transferring
to www.myhost.com).
Do you know if pubcookie works with the above scenarios?
Thanks!
Hi Mr. Catcher,
You should cruise the pubcookie docs and/or try to contact the devs for
authorative information: I'm just a user of the tool. But here's some quick
response:
You ask if it is possible to authorize against multiple login servers. My
first response is to wonder why you would want to do this -- it seems to
defeat some of the intent and virtue of a centralized login store. My second
response is to say I don't really know.
You ask about cross-domain issues. The wikipedia article I cited in my
earlier message would seem to suggest that what you want won't work -- see
the "limitation s" section which addresses cross-domain scenarios
specifically. You might want to write the pubcookie team and see if there is
any workaround.
Good luck!
-KF
--
"Spam Catcher" <sp**********@r ogers.comwrote in message
news:Xn******** *************** ***********@127 .0.0.1...
<ke*****@nospam .nospamwrote in
news:Oq******** ******@TK2MSFTN GP04.phx.gbl:
>I have nothing to do with the development of Pubcookie, but I have
implemented it on several UW servers and have found it simple and
reliable once setup is complete. The developers for the project are
actively iterating things and seem pretty darn smart to me.
Thanks for the link - PubCookie is the sort of SSO solution I'm looking
for (relatively simple and cross-platform).
From your experience, is pubcookie able to authorize against multiple
login servers (all apps below are hosted on 1 physical server)? For
example:
Application A authorizes against Login Server 1
Application B authorizes against Login Server 2
Application C authorizes against Login Server 1
Basically apps A and C are part of a larger solution while application B
belongs to another solution. Each app will probably setup as a virtual
directory or a directory under the root of the server.
Also, apps are potentially cross domain (www.mycustomer.com transferring
to www.myhost.com).
Do you know if pubcookie works with the above scenarios?
Thanks!
Updating an old thread for the benefit of anyone that Googles into this: I
discussed the cross-domain question with the Pubcookie developers yesterday,
and they confirmed that Pubcookie works across domains. The wikipedia
article that said otherwise is obsolete.
-KF
<ke*****@nospam .nospamwrote in message
news:%2******** ********@TK2MSF TNGP02.phx.gbl. ..
Hi Mr. Catcher,
You should cruise the pubcookie docs and/or try to contact the devs for
authorative information: I'm just a user of the tool. But here's some
quick response:
You ask if it is possible to authorize against multiple login servers. My
first response is to wonder why you would want to do this -- it seems to
defeat some of the intent and virtue of a centralized login store. My
second response is to say I don't really know.
You ask about cross-domain issues. The wikipedia article I cited in my
earlier message would seem to suggest that what you want won't work -- see
the "limitation s" section which addresses cross-domain scenarios
specifically. You might want to write the pubcookie team and see if there
is any workaround.
Good luck!
-KF
--
"Spam Catcher" <sp**********@r ogers.comwrote in message
news:Xn******** *************** ***********@127 .0.0.1...
><ke*****@nospa m.nospamwrote in
news:Oq******* *******@TK2MSFT NGP04.phx.gbl:
>>I have nothing to do with the development of Pubcookie, but I have
implemented it on several UW servers and have found it simple and
reliable once setup is complete. The developers for the project are
actively iterating things and seem pretty darn smart to me.
Thanks for the link - PubCookie is the sort of SSO solution I'm looking
for (relatively simple and cross-platform).
From your experience, is pubcookie able to authorize against multiple
login servers (all apps below are hosted on 1 physical server)? For
example:
Application A authorizes against Login Server 1
Application B authorizes against Login Server 2
Application C authorizes against Login Server 1
Basically apps A and C are part of a larger solution while application B
belongs to another solution. Each app will probably setup as a virtual
directory or a directory under the root of the server.
Also, apps are potentially cross domain (www.mycustomer.com transferring
to www.myhost.com).
Do you know if pubcookie works with the above scenarios?
Thanks!
<ke*****@nospam .nospamwrote in
news:#K******** ******@TK2MSFTN GP06.phx.gbl:
Updating an old thread for the benefit of anyone that Googles into
this: I discussed the cross-domain question with the Pubcookie
developers yesterday, and they confirmed that Pubcookie works across
domains. The wikipedia article that said otherwise is obsolete.
Thanks for taking the time to update the article! I was still keeping an
eye on the thread! This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: R. Rajesh Jeba Anbiah |
last post by:
Kinda OT. I haven't yet moved to PHP5. But, interested to know how
many of you _really_ started using it or moved? Are you doing any
compatible tweaks specifically for PHP 5 (forward compatible) or PHP 4
(backward compatible)?
--
| Just another PHP saint |
Email: rrjanbiah-at-Y!com
|
by: dkomo |
last post by:
I wrote a VB 6.0 program to create an Access database file and fill it
with data. I used the following DAO statement:
Set db_AllEquity = ws.CreateDatabase(Database_Name,
dbLangGeneral,
dbVersion30)
On my older computer I can open the .mdb file with Office 97 Access
with no problem
|
by: Martin |
last post by:
I am reading through Koenig and Moo's "Accelerated C++" and attempting the
exercises. Are there any sample solutions somewhere? It's all very well me
doing a solution, which seems to work, but for all I know it can be riddled
with undefined behaviours and bad C++. The alternative is to post my
solution to every single exercise and ask for guidance, but I actually think
that is counter-productive and tantamount to spamming anyway. A set of...
|
by: Lee Gillie |
last post by:
We have systems built upon shared libraries, which are maintained by a group of programmers. We install these to the GAC on
production servers. For saftey, when a programmer uses one of these libraries in a project they will GET-LAST-VERSION from
SourceSafe, and build the library. With version as "1.0.*", and new numbers are assigned during build. They include the library in
their kit. What happens from this is we keep getting addtional GAC...
|
by: chris2 |
last post by:
This may seem like a strange question to most readers, but I made a
nasty assumption when I made my first little "Hello World" application.
Seeing as I'm 100% novice to Visual Studio, and .net in general, I made
an assumption that compiled programs worked on all windows (at least
modern) computers. I tried to send said application to my friend to see
what I did, and he got the error ".NET Framework Initialization
Error"... it then dawned...
| | |
by: bert76 |
last post by:
can anyone suggest a couple of websites providing *compatible*
javascript?
of course there is
http://javascript.internet.com/
http://javascriptkit.com/
and the likes, but time and again you have to try out, test it only to
find it only works in IE.
at school, we want to test a number of javascripts, preferably
compatible with *all* browsers (mainly, but not just firefox).
tnx for suggestions
|
by: sunil |
last post by:
hi there
During my development i used .Net framework 1.1 with Office com component
9.0 (ie Word (.0 and Excel 9.0) object library and my application and my
development system has windows XP installed.
when i install my application on XP based system it's working fine but in
the case of professional 2000 or 98 ,I am not able to use Word and excel
facility of my application.
|
by: max |
last post by:
Dear all,
I did the following analysis to conclude that the following pointer
types are not compatible. Please let me know If my analysis and
interpretation of the C standard are correct:
const char * : "pointer to const-qualified char".
char *: "pointer to char".
Are these pointed-to types compatibles?
|
by: whitsey |
last post by:
Trying to concatenate two fields into one however I seem unable to do
so.
All I want is to execute the following
SELECT MONTH(L.DATE) ||' '|| YEAR(L.DATE) as MTH_OF_YEAR
FROM LOG L
But I get this error:
|
by: =?Utf-8?B?ai0wMjY=?= |
last post by:
i am using vista home premium on a AMD DUAL CORE +5000 64live and "BULLGUARD
INTERNET SECURITY" came with my software package and i have found that it is
not compatible with VISTA and the update to service pack 1 in vista ,once
sp1 is downloaded and additional updates with bullguard my vista becomes
unresponsive it will hang and freeze the whole system becomes in a way
"stupid". even system restore does not solve the issue programs...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
