We have an organization with several hundred internal users in Active Directory. We have some of our computer systems integrated with AD but have many disparate web applications scattered through the organization that have separate authentication and authorization mechanisms.
In addition, we have about 60K external users who will eventually be able to log into and use some of the aforementioned web applications (albeit with different permissions most of the time). These users will not be in AD, but some other data store (probably just a database table that would be maintained as part of some other processes we have in the company). The application should be flexible in the data stores it can authenticate against.
We are looking for a centralized authentication and authorization system that we can tie the web apps to. On the authentication side of things, we are working towards Single Sign-On (SSO). For the authorization side of things, we would like a centralized location where we can assign application permissions to users or groups of users. Bonus points for permission "groupings" or "templates" which would allow further organization.
We have looked at Atlassian's Crowd, which seems ideal for authentication, but the authorization side is bleak.
The mechanism by which the web applications would communicate with the central auth server must be standards based and easy to implement in many different platforms (ASP classic, .NET, php, Python, Java).
So, the specific question is: Do you know of any open-source or proprietary software that will function as both a centralized authentication and authorization server as discussed above? Or, do you know of any software that might do centralized authorization and integrate well with other centralized authentication applications.
I found this question which is a year old and doesn't seem to have a answer. I am hoping this time around, a solution can be found: http://stackoverflow.com/questions/1161340/centralized-authentication-and-authorization-for-several-web-services