sso

Identity management/SSO solution?

What are your recommendations for a basic, centralized identity management/SSO service? It must be open source, have a pluggable identity manager (eg: LDAP, DB, openID, etc.) and provide a decent range of API access options (eg: web services, REST, etc.). It must also be clusterable for high availability. JOSSO? CAS? others? ...

Single Sign On for Web Application

I am looking for a solution where users of websites registered with us can access our application without explicitly logging in to our application. Website owners will register with us to access our application. Users will log in to their website and see a link to our website to access it. Once a user clicks on the link, the user will be able to access it....

How to get referrer URL in ASP.NET when there are multiple redirects?

I'm developing a web application that uses an in-house SSO server for authentication. I have a link on my home page to a page called Logout.aspx. Logout.aspx clears the Forms Authentication cookie, all session data, then performs a redirect to the LoginUrl specified in the forms authentication configuration which is currently set to a ...

How to implement SAML SSO

How is SAML SSO typically implemented? I've read this about using SAML with Google Apps, and the Wikipedia entry on SAML. The Wikipedia entry talks about responding with forms containing details of the SAMLRequest and SAMLResponse. Does this mean that the user has to physically submit the form in order to proceed with the single sign o...

Impact of SSO on session time out

I need to implement SSO between a Windows domain and a J2EE web application. I've been thinking what the impact of this would be on the web application's session timeout. We have a 2 hour time out. If we implement a seamless SSO, then I think it might become confusing for the user. The SSO will make it appear that the web application i...

Min Security Rights to Perform LDAP Queries in Active Directory

Our company is trying to implement a few single sign-on applications using Active Directory (Windows Server 2003) and LDAP. I would like to lock down the account used to make these LDAP queries as much as possible. What is the best practice for configuring this type of account? ...

Shared Authentication, Membership & Roles across DNN and ASP.net applications

Here's my situation. I have a DotNetNuke application. I want to link to an existing ASP.net website from within the DNN website, and have decided to use DNN's IFrame for that. The existing ASP.net application uses Forms Authentication for security - only authorized users can access the pages. This asp.net application also requires...

What is SAML?

I saw an interesting blank page today titled "saml post profile intersite transit." What is SAML? What was it created for? What is it commonly used for? What was the page I mentioned above all about? What functions does it provide that it's rarely used for but are otherwise interesting? Is there something better or other technology tha...

ASP.NET App behind Oracle SSO - Anonymous access?

We've got an ASP.NET Application that the client would like to protect via Oracle SSO and also allow anonymous access to the application. None of the standard Oracle SSO plugins have an anonymous access option, so we wrote a custom Java SSO plugin to check for Portal/SSO session cookies and do the base Oracle SSOServerAuth, and otherwis...

Convenient applications for Browser/POST and Browser/Artifact SAML profiles

I'm proposing the use of SAML 1.1 as technology to prove Web SSO in a customer environment, and they asked me something interesting: Which scenario Browser/POST profile is appropriate, and which scenarios Browser/Artifact profile of SAML is appropriate? In fact, SAML 1.1 Specifications don't talk about the best neither most appropriate...

Connection pooling and single sign on

An ASP.NET 3.5 app with SQL Server 2005 must provide single sign on on intranet environment. This is done by using the Windows Authentication mode in the web.config. I want to use connection pooling as much as possible. I also want to use SSPI as database access in the connection string and not using impersonation (in the web.config) T...

SPNEGO (kerberos token generation/validation) for SSO using Python

I'm attempting to implement a simple Single Sign On scenario where some of the participating servers will be windows (IIS) boxes. It looks like SPNEGO is a reasonable path for this. Here's the scenario: User logs in to my SSO service using his username and password. I authenticate him using some mechanism. At some later time the user ...

True or False: cross-domain SSO always requires a third party identity provider

I currently have several websites which live on separate domains: www.app1.com www.app2.com www.app3.com Each has its own authentication mechanism - some query active directory via web service, others have their own user database. The goal is to have Single Sign On through some technology or product that doesn't require users to re-...

Kerberos authentication from my custom servlet?

I do the below steps to get the security token from browser for Single Sign on authentication. I am able to find the Token from http header. My question is: a) How do I verify this token with active directory? b) How do I find username from this token? While googling it seems Java API has Kerberos5 login module to do what I was expecti...

Supporting Single sign-on changing domain of JSESSIONID session cookie domain on Jetty

I'm trying to support single sign-on with JETTY and we have 2 subdomains running webservers that will support single sign-on through Jetty's SSO support. account.test.com app.test.com We have a SSOSession cookie that is set to *.test.com, but to support sign-off I need to ensure that my Jetty server running at app.test.com has its JSE...

WCF Passing AD Login from win client, then validating it is correct in WCF Server.

I am wanting to create an application in winforms that calls a new WCF application that I create, and I want it to pass the current Windows login credentials, enough to be able to pass it to the WCF side so that the WCF side app can validate that it is a good user. I want this so I can enable single sign in. ...

Question on Google Provisioning API and SSO Password change propagation

Hey all, I'm using the Google Apps Provisioning API to synchronize user data with our internal database (MySQL). For every new user created through our site's backend, a corresponding user is created in the GoogApp system. Changes in passwords are also synchronized accordingly. I'm about to implement SSO, so that logins performed on ...

Getting SSO credentials through code on SharePoint fails

Hi, The following code is used in a custom WebPart, and for some reason it only works the first time it's executed on a page. After that it throws a SingleSignonCredsNotFoundException. Any help or suggestions as to how to solve this problem is much appreciated. public static SsoIdentity GetCredentials(string applicationName) { try ...

How do I use Microsoft AD and php single sign on web app?

I'm vaguely aware that on a computer joined to a domain IE can be asked to send some extra headers that I could use to automatically sign on to an application. I've got Apache running on a Windows server with mod php. I'd like to be able to avoid the user having to log in if necessary. I've found some links talking about Kerberos and apach...

How do I configure WebLogic 10.3 Web App To Use SAML 2 SSO and Identity Provider?

I have several Web applications all running in WebLogic 10 and I want to authenticate the users using SSO and WebLogic's built-in SAML 2 SSO support. I configured a SAML2IdentityAsserter on the security realm and created a Web SSO Identity Provider Partner that uses the meta-data from the identity provider that I set up earlier. That al...