Does something like OpenSSO (https://opensso.dev.java.net/) or ESOE (http://esoeproject.org/) exist for the .NET platform?

A: 

Keep in mind that if you're using .Net, you're probably in a Microsoft Shop using the "Microsoft Stack". And that means using Active Directory for authentication pretty much across the board, including any Single Sign On systems.

If you need to also talk to entities outside your own domain (other businesses), you would normally set up a trust relationship in your AD domain with the partner system (either directly with their AD system or via LDAP) so that signing in there grants the needed permissions locally, and vice versa.

If you need to support software systems hosted locally, but provided by third parties, you would choose systems that support AD or LDAP for authentication.

Joel Coehoorn
Well, this is not the case for me and my current customer. We probably could run AD internally but we also have to integrate with external partners so AD is not really an option. Frameworks like OpenSSO and ESOE seem very flexible and extensible and so seem like a good fit in this situation.
JohannesH
Okay, I missed something. The normal thing is for external partners to also use AD, and if necessary a trust relationship is set up between distinct AD domains so that signing in to one automatically confers the needed permissions in the other.
Joel Coehoorn
It's also normal, when the partners cannot or will not use AD, to look for an open standard like SAML.
John Saunders
+1  A: 

Do you really need the SSO server itself to be running on .net? OpenSSO runs as a Java web app, but it can authenticate users against AD, do Windows Desktop SSO (aka SPNEGO, aka Kerberos) to authenticate users from their Windows login, with no additional username/password step, interoperate with ADFS via WS-Federation and protect web apps running on IIS via a policy agent.

So, you can hook up all the Microsofty stuff, plus do SAML 2.0 single sign-on to external partners.

metadaddy
+1  A: 

I found a Danish open source .NET library (OIOSAML) implementing the SAML 2.0 standard. It was developed as a project for the Danish government as their common SSO solution.

Download: http://www.softwareborsen.dk/projekter/softwarecenter/brugerstyring/oiosaml.net/

Update: Now you also have the option of using the Windows Identity Foundation which my colleagues and I have used successfully in a project for Jubii.dk. In fact I would recommend WIF over OIOSAML.

JohannesH
A: 

Hi,

You may also want to check out this Ultimate SAML.

Mark - CSoft

Mark Attwood