sso

Allowing oracle db login only to specific application?

We want to allow DB access (Oracle) to our users only through our own application - let's call it "ourTool.exe", installed locally on the users' computers. Currently, the users must provide username/password whenever they start "ourTool". The provided password gets decrypted and we use username/decrypted-password to finally log i...

NTLM/Windows Authentication and GetAllUsers()

I'm designing a web app which will be used on an intranet so Windows authentication mode is ideal. However, part of the app would need the ability to get a list of users (to pick users for assignments). Membership.GetAllUsers() doesn't apply (on its own) with windows-authentication. I can't use ActiveDirectoryMembershipProvider because...

single sign on coldfusion and .net

I have seen resources for setting up single sign on with multiple .net apps in different scenarios, but is it possible to have a SSO solution for .NET and CF websites? Thanks! ...

Can my website *safely* allow logins via Facebook Connect, Google Friend Connect, OpenID, *and* etc?

Is it possible for a website to allow users to log in via multiple different methods, like Facebook Connect, OpenID, etc? Not referring to simultaneous logins of the same user, but wondering if it's possible to have multiple "SSO" options. Is there a side-effect of a user with credentials at, say, OpenID and Facebook logging in as bot...

Transparent user session over several sites (single sign-on + single sign-off)

I have several sites in different domains: example.com, example.org, mail.example.com and passport.example.org. All of the sites are having common look-and-feel and should share the same user base. And in such extreme case I still want all the sites to transparently (as much as possible) share user sessions with the following key proper...

SSO using CAS with ASP.NET membership provider backend

Hey folks, I'm trying to utilize CAS to perform SSO on the same domain name. However, I can't really understand CAS. Does CAS provide user management or do I have to implement it myself? Can I integrate ASP.NET membership provider into CAS as the authentication provider? Thanks! ...

cross domain cookies

Hi, I have a small problem, how do I set a cookie for multiple domains? I do understand the security problems, and I am sure it has been done before. The reason for this is SSO. ie. account.domain.com will need to set domain logged in for: domain.com domain1.com domain2.com Is there any easy way, using PHP and cookies, or any alte...

Can you recommend a SAML 2.0 Identity Provider for test?

I'm implementing a SAML 2.0 Service Provider and need to install a SAML 2.0 Identity Provider for testing. Given this need, the Identity Provider should ideally be free (or have a trial period) and be easy to set up and configure. I'm looking for basic single sign on and single log out functionality. I've tried Sun Opensso Enterprise. ...

How do I access Windows credentials from Java?

How do I (or can I?) retrieve the cached credentials for the currently logged-in Windows user in Java? I want to reuse these credentials in some other GSS-API calls. Specifically, I'm answering an SPNEGO challenge from IIS. Thanks. ...

Does Ruby CAS server provide a restful interface for opening sessions and obtaining service tickets?

I have installed Ruby CAS server and my application is a simple Restful Authentication User Management Application. I would like to experiment with my application by providing a Central Authentication for my User Management Application. I am using the Restful authentication plugin for this, which acts as the Ruby CAS client. Does Ruby CAS se...

SAML assertion with username/password - what do the messages really look like?

I need to create some SAML 2.0 assertions, and I'm having trouble finding what the XML should really look like. Most of the documentation seems to be about using particular tools, not about the messages. I've got the schemas, with a plethora of possibilities, but I can't find an example of what the relevant messages actually look like...

What's a "single sign on" table used for and why is this column list necessary?

I was looking at a schema and trying to figure out what this table could be used for: CREATE TABLE "single_sign_ons" ("token" VARCHAR(64) NOT NULL, "ip" VARCHAR(32) NOT NULL, "expired_at" DATETIME NOT NULL, "one_time" VARCHAR(64), "created_at" DATETIME, "updated_at" DATETIME, "user_id" INTEGER, PRIMARY KEY("token")); What is "s...

SAML 2.0 SSO and ASP.Net

We are being tasked to hook up SAML 2.0 SSO in our application. We are a Microsoft shop running dot net framework 2.5. I have identified a couple of toolkits and I was wondering if anyone has had any experience with either. They are NetXtreme SAML from SAFABYTE and the ComponentSpace SAML 2.0 toolkit. Candid responses are appreciated!...

PeopleSoft logins

I'm building a web application that will have access to PeopleSoft's database via jdbc. Is it possible that I can use PeopleSoft's id/password for my custom application, so users accessing my website will not have to have another username/password? ...

Correct way to develop a large application

We are developing a very large web application in .Net 3.5. Two separate vendors are involved having expertise in different areas. Both the vendors are located remotely and working on separate functional areas of the same web application. I was wondering what is the best way to handle the development of UI. The UI has a master structure...

how to implement single sign on in .Net?

What is the best solution to implement single sign on in a .net application? I have googled and found a few solutions but I am not very convinced by those solutions. User logs on website1 and then moves to website2. How will website2 know the user has logged in? I guess by passing some token in the url which will be checked by website2 in d...

CAS Single Sign Out requests being ignored by JSP+Spring

I've set up CAS for single sign on with my Spring+JSP webapp, but now I've found out that single sign out isn't actually logging me out of the applications. I've confirmed that if I go to the CAS logout page, I do receive a SAMLP logout request from CAS. When I go back to a secured page in the app, however, I get in without logging back ...

ASP.NET MVC multi-site SSO using OpenID

I am putting a plan together for a series of sites that will share user account information among them. The idea is that once a user logs in using their OpenID, they can access any of the sites and it will know who they are. What are the common patterns/best practices that i could employ to achieve this? ...

Single sign on token validity check

I am looking to implement single sign on for two applications on different domains. Both the applications are in .Net 3.5. I understand I need A user tries to access a web page of Website1. The system identifies that the user is not logged in, so redirects the user to the Login Website. Once the user provides correct login information an...

implementing SSO for cross domain PHP sites

Hi, I've read a lot of questions here regarding SSO and OpenID. It helped me a lot in understanding the SSO & OpenID concept. I just have a little confusion, I'll try to explain below: user visits www.websiteA.com user logs in with OpenID and if success then he's logged in. a cookie is created and sessionid stored in shared users db. user vis...