Hello Friends,
We've discussed SSO before. I would like to re-enhance the conversation with defined requirements, taking into consideration recent new developments.
In the past week I've been doing market research looking for answers to the following key issues:
The project should be:
Requirements
- SSO solution for web applications.
- Integrates into existing developed products.
- Has policy-based password security (length, complexity, duration and co.)
- Security Policy can be managed using a web interface.
- Customizable user interface (the password prompt and co. screens).
- Highly available (99.9%)
- Scalable.
- Runs on Red Hat Linux.
Nice to have
- Contains user Groups & Roles.
- Written in Java.
- Free Software (open source) solution.
None of the solutions that came up so far is a "killer choice", which leads me to think I will be tooling several projects (OWASP, AcegiSecurity + X??), hence this discussion.
We are an ISV delivering a front-end & backend application suite. The frontend is broken into several modules which should act as autonomous units; from the client's point of view he uses the "application" - which leads to this discussion regarding SSO.
I would appreciate people sharing their experience & ideas regarding the appropriate solutions.
Some solutions are interesting
- CAS
- Sun OpenSSO Enterprise
- JBoss Identity IDM
- JOSSO
- Tivoli Access Manager for Enterprise Single Sign-On
Or more generally speaking this list
Thank you, Maxim.