Optimal Single Sign On Implementation for Internal Corporate Web Applications

Question

As I'm sure many companies do/want to do, mine is looking into implementing a single sign on solution across all of its internal web applications.

All users of the company have an AD account and thus the authentication will be done through Active Directory.

Nevertheless, many users use Unix and many Windows users don't use IE so Integrated Windows Authentication is less than ideal.

Before we roll our own, I have to believe that this is a very common problem and that their are some excellent (hopefully free and open source) solutions for building a single sign on provider and its client interfaces.

Though less important, I would prefer if the solutions were .Net; however, if the standard is something else, let me know that too.

Thank you!

Answer 1

I would recommend Kerberos. It's very secure and it works with all the systems you mentioned without writing any code.

For example, AD itself is a Kerberos KDC. The Unix systems can be configured to use AD,

http://www.cromwell-intl.com/unix/kerberos.html

For browsers, IE supports SPNEGO, which can interact with AD also,

http://msdn.microsoft.com/en-us/library/ms995329.aspx