.NET Compatible SSO Solutions?

I'm not sure the totality of your requirements, but you might have a look at
Pubcookie, an open-source production of the great University of Washington
in Seattle. The project includes modules that plug into IIS (an ISAPI
filter) and Apache, so you are not bound to one platform. If you have a
mechanism for keying people uniquely, Pubcookie should be able to enforce
identity reliably. Client server machines plugging into the system are
positively identified to the mother ship (the keyserver for the works) by
cert.
See here:
http://www.pubcookie.org/
http://en.wikipedia.org/wiki/Pubcookie

I have nothing to do with the development of Pubcookie, but I have
implemented it on several UW servers and have found it simple and reliable
once setup is complete. The developers for the project are actively
iterating things and seem pretty darn smart to me.

-KF
"Spam Catcher" <sp**********@rogers.comwrote in message
news:Xn**********************************@127.0.0. 1...

Hello Everyone,

I need to implement single sign on across serveral applications. Some
applications are under my control while others are under the control of
3rd
parties.

Can anyone suggest a good SSO solution?

We'll be primarily integrate .NET sites - but Java/PHP/etc are not out of
the question either. Our authentication store will be a database - but in
the future we may use LDAP or Active Directory.

Sites may authenticate against different databases - what I mean by this
is
that one server may host multiple applications, each application has it
own
authentication criterias.

Applications are hosted locally as well as remotely - perhaps under
different domain names too.

Any good suggestions? I've used Sun One Identity, but it seems to be
overkill for us and it wasn't very reliable.

Any other products you guys can recommend?

Thanks!

<ke*****@nospam.nospamwrote in
news:Oq**************@TK2MSFTNGP04.phx.gbl:

I have nothing to do with the development of Pubcookie, but I have
implemented it on several UW servers and have found it simple and
reliable once setup is complete. The developers for the project are
actively iterating things and seem pretty darn smart to me.

Thanks for the link - PubCookie is the sort of SSO solution I'm looking
for (relatively simple and cross-platform).

From your experience, is pubcookie able to authorize against multiple
login servers (all apps below are hosted on 1 physical server)? For
example:

Application A authorizes against Login Server 1
Application B authorizes against Login Server 2
Application C authorizes against Login Server 1

Basically apps A and C are part of a larger solution while application B
belongs to another solution. Each app will probably setup as a virtual
directory or a directory under the root of the server.

Also, apps are potentially cross domain (www.mycustomer.com transferring
to www.myhost.com).

Do you know if pubcookie works with the above scenarios?

Thanks!

Hi Mr. Catcher,

You should cruise the pubcookie docs and/or try to contact the devs for
authorative information: I'm just a user of the tool. But here's some quick
response:

You ask if it is possible to authorize against multiple login servers. My
first response is to wonder why you would want to do this -- it seems to
defeat some of the intent and virtue of a centralized login store. My second
response is to say I don't really know.

You ask about cross-domain issues. The wikipedia article I cited in my
earlier message would seem to suggest that what you want won't work -- see
the "limitations" section which addresses cross-domain scenarios
specifically. You might want to write the pubcookie team and see if there is
any workaround.

Good luck!
-KF

--

"Spam Catcher" <sp**********@rogers.comwrote in message
news:Xn**********************************@127.0.0. 1...

<ke*****@nospam.nospamwrote in
news:Oq**************@TK2MSFTNGP04.phx.gbl:

>I have nothing to do with the development of Pubcookie, but I have
implemented it on several UW servers and have found it simple and
reliable once setup is complete. The developers for the project are
actively iterating things and seem pretty darn smart to me.

Thanks for the link - PubCookie is the sort of SSO solution I'm looking
for (relatively simple and cross-platform).

From your experience, is pubcookie able to authorize against multiple
login servers (all apps below are hosted on 1 physical server)? For
example:

Application A authorizes against Login Server 1
Application B authorizes against Login Server 2
Application C authorizes against Login Server 1

Basically apps A and C are part of a larger solution while application B
belongs to another solution. Each app will probably setup as a virtual
directory or a directory under the root of the server.

Also, apps are potentially cross domain (www.mycustomer.com transferring
to www.myhost.com).

Do you know if pubcookie works with the above scenarios?

Thanks!

Updating an old thread for the benefit of anyone that Googles into this: I
discussed the cross-domain question with the Pubcookie developers yesterday,
and they confirmed that Pubcookie works across domains. The wikipedia
article that said otherwise is obsolete.

-KF
<ke*****@nospam.nospamwrote in message
news:%2****************@TK2MSFTNGP02.phx.gbl...

Hi Mr. Catcher,

You should cruise the pubcookie docs and/or try to contact the devs for
authorative information: I'm just a user of the tool. But here's some
quick response:

You ask if it is possible to authorize against multiple login servers. My
first response is to wonder why you would want to do this -- it seems to
defeat some of the intent and virtue of a centralized login store. My
second response is to say I don't really know.

You ask about cross-domain issues. The wikipedia article I cited in my
earlier message would seem to suggest that what you want won't work -- see
the "limitations" section which addresses cross-domain scenarios
specifically. You might want to write the pubcookie team and see if there
is any workaround.

Good luck!
-KF

--

"Spam Catcher" <sp**********@rogers.comwrote in message
news:Xn**********************************@127.0.0. 1...

><ke*****@nospam.nospamwrote in
news:Oq**************@TK2MSFTNGP04.phx.gbl:

>>I have nothing to do with the development of Pubcookie, but I have
implemented it on several UW servers and have found it simple and
reliable once setup is complete. The developers for the project are
actively iterating things and seem pretty darn smart to me.

Thanks for the link - PubCookie is the sort of SSO solution I'm looking
for (relatively simple and cross-platform).

From your experience, is pubcookie able to authorize against multiple
login servers (all apps below are hosted on 1 physical server)? For
example:

Application A authorizes against Login Server 1
Application B authorizes against Login Server 2
Application C authorizes against Login Server 1

Basically apps A and C are part of a larger solution while application B
belongs to another solution. Each app will probably setup as a virtual
directory or a directory under the root of the server.

Also, apps are potentially cross domain (www.mycustomer.com transferring
to www.myhost.com).

Do you know if pubcookie works with the above scenarios?

Thanks!

<ke*****@nospam.nospamwrote in
news:#K**************@TK2MSFTNGP06.phx.gbl:

Updating an old thread for the benefit of anyone that Googles into
this: I discussed the cross-domain question with the Pubcookie
developers yesterday, and they confirmed that Pubcookie works across
domains. The wikipedia article that said otherwise is obsolete.

Thanks for taking the time to update the article! I was still keeping an
eye on the thread!