I'm not sure of the totality of your requirements, but you might have a look at
Pubcookie, an open-source production of the great University of Washington
in Seattle. The project includes modules that plug into IIS (an ISAPI
filter) and Apache, so you are not bound to one platform. If you have a
mechanism for keying people uniquely, Pubcookie should be able to enforce
identity reliably. Client server machines plugging into the system are
positively identified to the mother ship (the keyserver for the works) by
cert.
See here:
http://www.pubcookie.org/
http://en.wikipedia.org/wiki/Pubcookie
I have nothing to do with the development of Pubcookie, but I have
implemented it on several UW servers and have found it simple and reliable
once setup is complete. The developers for the project are actively
iterating things and seem pretty darn smart to me.
-KF
> Hello Everyone,
>
[quoted text clipped - 24 lines]
>
> Thanks!
Spam Catcher - 20 Jun 2007 16:55 GMT
> I have nothing to do with the development of Pubcookie, but I have
> implemented it on several UW servers and have found it simple and
> reliable once setup is complete. The developers for the project are
> actively iterating things and seem pretty darn smart to me.
Thanks for the link - PubCookie is the sort of SSO solution I'm looking
for (relatively simple and cross-platform).
From your experience, is pubcookie able to authorize against multiple
login servers (all apps below are hosted on 1 physical server)? For
example:
Application A authorizes against Login Server 1
Application B authorizes against Login Server 2
Application C authorizes against Login Server 1
Basically apps A and C are part of a larger solution while application B
belongs to another solution. Each app will probably be set up as a virtual
directory or a directory under the root of the server.
Also, apps are potentially cross domain (www.mycustomer.com transferring
to www.myhost.com).
Do you know if pubcookie works with the above scenarios?
Thanks!
kenfine@nospam.nospam - 20 Jun 2007 18:32 GMT
Hi Mr. Catcher,
You should cruise the pubcookie docs and/or try to contact the devs for
authoritative information: I'm just a user of the tool. But here's some quick
response:
You ask if it is possible to authorize against multiple login servers. My
first response is to wonder why you would want to do this -- it seems to
defeat some of the intent and virtue of a centralized login store. My second
response is to say I don't really know.
You ask about cross-domain issues. The wikipedia article I cited in my
earlier message would seem to suggest that what you want won't work -- see
the "limitations" section which addresses cross-domain scenarios
specifically. You might want to write the pubcookie team and see if there is
any workaround.
Good luck!
-KF
>> I have nothing to do with the development of Pubcookie, but I have
>> implemented it on several UW servers and have found it simple and
[quoted text clipped - 22 lines]
>
> Thanks!
kenfine@nospam.nospam - 07 Jul 2007 17:18 GMT
Updating an old thread for the benefit of anyone that Googles into this: I
discussed the cross-domain question with the Pubcookie developers yesterday,
and they confirmed that Pubcookie works across domains. The wikipedia
article that said otherwise is obsolete.
-KF
> Hi Mr. Catcher,
>
[quoted text clipped - 42 lines]
>>
>> Thanks!
Spam Catcher - 08 Jul 2007 18:08 GMT
> Updating an old thread for the benefit of anyone that Googles into
> this: I discussed the cross-domain question with the Pubcookie
> developers yesterday, and they confirmed that Pubcookie works across
> domains. The wikipedia article that said otherwise is obsolete.
Thanks for taking the time to update the article! I was still keeping an
eye on the thread!