I have a classic ASP application currently secured using ASP.NET Forms Authentication running on IIS 6, the problem is our purposes require this application implement a Single-Signon security model using Entrust TruePass which uses Client Certificates I believe. Can this be implemented using ASP.NET Http Modules or do I have to write an ...
I don't know much about AIR apps, but I like what I'm seeing so far. So now, I'm wondering if this type of app would make sense in the intranet at work. Before I invest time and effort into ramping up on AIR development, I would like to know: is it possible for an AIR app on Windows to do single sign-on authentication against Active...
we (a team of about 150) are considering moving our ALM solution from Bugzilla/CVS to Jira/svn/Confluence/Bamboo/Fisheye. SO has a lot of good info on those, but I would be interested to learn about another tool from Atlassian - a Single Sign On (SSO) Crowd, I am considering adding it to the mix for an LDAP integration with our Novell id...
Is it possible to establish SSO between two different vendors when each of them use different versions of SAML. VendorA uses SAML 1.0 and VendorB uses SAML 2.0 ? Can we have a intermidiary that interprets the assertions based on the SAML version ? ...
OK, the auditors have come knocking and I know one of their standard "exposures" is if your application allows concurrent logons by the same user. Let's put aside the quantification of that risk for a minute... The application I'm working with uses Oracle SSO for managing authentication, and as far as I know, it does not have an out-of...
I'd like to have my desktop Java application to have single sign on related to Active Directory users. In two steps, I'd like to : Be sure that the particular user has logged in to Windows with some user entry. Check out some setup information for that user from the Active Directory With http://stackoverflow.com/questions/31394/java...
I have a Virtual Machine running the following: Windows Server 2008 SharePoint 2007 SP1 Exchange 2007 Dynamics Axapta 2009 I have started the Single Sign On Service and configured it properly. Central Administration is running on HTTPS bound to a specific IP address as a new site in IIS. When I click on the link to manage the...
Hi, I have a main website here: www.blah.com Then a virtual directory www.blah.com/subApplication/ The main application uses .net forms authentication. If I make sure both web.config's share the same authentication keys, I can rest assured when someone browses to the virtual directory application the user will remained signed in righ...
How can I implement single sign on across domains? I have two or more domains and I want all of them to authenticate through one server using SqlMembershipProvider (ASP.NET 2.0 membership database) I have domain foo.com which hosts the asp.net membership database and another domain bar.com which wants to authenticate through foo.com. I f...
we have a lot of users on a VBulletin forum. now i want write few more apps on rails for the same userbase. Until now all the authentication and session management is being taken care of by VBulletin. What is the best way to provide SSO for my users both onVBulletin and on the rails apps i am writing ...
I have two apps that I'm trying to unify. One was written by me and another is a CMS I am using. My authentication happens in the one I coded and I'd like my CMS to know that information. The problem is that the CMS uses one session name, and my app uses another. I don't want to make them use the same one due to possible namespace confli...
I work in a large company, and I'm interested in best practices for internal security standards. We have a large ($500 million +) investment in SAP, and we also have .Net and a bit of JEE in our internal environment. I've found some documentation from MS and SAP, but it's outdated and not very specific. So far, it looks like we could e...
Currently, we have a small group of users that are set-up on an Microsoft SBS machine, hence available under active directory. These users, as well as a bunch of others also have entries on a second LDAP server (openLDAP). This second server is used for authentication and access control for a few different things such as our internal t...
Hello Apache/Win Masters: I really could use some help in solving what appears to be a trivial issue. In summary, I want to know the Window's loginID for the user accessing a Perl .cgi running in Apache on a Windows environment. Here's my basic Apache2 conf additions: ---- begin httpd.conf ----- ... LoadModule sspi_auth_module modu...
We're working on a SSO solution that allows users to log in via .net and then end up at a PHP app. I'm working on the PHP end, and after much work, I've decoded, parsed, and otherwise done things to the cookie that .net sets with the username and ticket expiration date. At least I think I have. My difficulty now is that the .net develo...
I want to log in for 1 application and use the same login token to authenticate the second application. I have used the same application name so both applications use the same membership provider..... I have 2 web applications, using asp.net 3.5, c#, hosted in IIS 7.0. I use the aspnet_membership provider for authentication/authorizatio...
Hi, I have an ASP.NET 2.0 web application(C#) where I wanted to enable Single Sign On. I want only certain users to have access to all the pages, but others to only see a few pages. What changes do I need to make to my Web.config file, and what code would I need in my code-behind for the pages? Thank you ...
There's a rails recipe that illustrates how to do this in rails 2, but now that sexy rack is in, the solution seemed no longer relevant. How can this be handled in rails 2.3.2? ...
The problem: We have several dozen one off applications in our environment scattered across a dozen servers. Some apps are secured with one-off form/db based logins. Some apps have permissions defined in web.config. Some apps have folder level NTFS permissions set (some with domain user accounts, some with local user accounts for ex...
My company develops and sells a SaaS application that has hundreds of customers. Some of our customers have asked us to support LDAP integration for authenticating user accounts against their existing systems instead of having to create another login account for each of their employees. Seems like this is referred to as Single Sign On (S...