Hi, How to use DotNetCasClient for SSO using CAS Server in ASP.NET Application. I could create a ticket using DotNetCASClientServiceValidate & Authenticate APIs using Windows Form Authentication. But when I pass the ticket to another resource, how to validate the ticket against CAS Server. I know a Web Service can be validated using Aut...
I need to offer SSO for Windows users in a Seam web application. In our previous project (non-Seam) we used a modified jcifs NTLM filter to handle this, but the solution is crappy, cannot support NTLMv2 and is not supported by jcifs anymore. JBossNegotiation seems to offer SPNEGO support for JBoss, but I couldn't find any information on...
On a SAML v2 Federation, is it possible for the SPs to exchange attributes when the federation is based on the use of Pseudonym Identifiers? Should the SP that holds the attribute function as an IdP? In that case, should there be a transient linking of accounts between SP1 & SP2? ...
Hi all, I'm new to php and I need to authenticate to a SSO server. The SSO server is a .Net one, using a SSL certificate. When I go back from the SSO server, the response is encoded. I have the key of the certificate of course, but how could I decrypt the response ? This is very vague for me, don't hesitate to detail your answer :) M...
I need to make POST request to CAS SSO server login page, and CAS login page has few input hidden params which are dynamically populated through java. I don't know how to read these hidden param values from response and pass in to CAS server. Without passing these hidden params I am not able to login. Does any one how to read input hidd...
I just heard about a technology/protocol called "information card", which apparently is an alternative to open-id. How widespread is this and how does it compare to open-id and cas-sso? Also, on what level is Microsoft involved in the standard? ...
Hi, I need Single Sign On for two types of application: Silverlight 3 and Windows Forms. Do you have any advice about how I could implement this? Windows authentication is one possible solution. Any other? Thanks Best regards ...
I am working in an environment where there is one very large EAR that runs the whole website. This is large to the point if being unwieldy e.g. slow deployments, long checkouts etc. I'm considering splitting the ear in to seperate war's that are deployed seperately and then using a single sign on solution such as CAS to implement authen...
I'd appreciate any thoughts/insight any of you might have on this... I have two domains running the same applications e.g. mysite.com and mysite.org and I have a requirement that when a user logs into mysite.com then he should also be logged into mysite.org. Obviously, I can't set the cookie on another domain but I want to come up with ...
A supplier uses Ping Federate for SAML-based single sign-on. I've got some custom SAML 2.0 code which implements a rudimentary identity provider. I'm doing IDP-initiated SSO with URL and HTTP Post. The PF service provider is at https://domain/sp/startSSO.ping. What URL should I be posting my response (assertion) to on the PF server? I t...
I wonder if I should use the CAS protocol or OAuth + some authentication provider for single sign-on. Example Scenario: A User tries to access a protected resource, but is not authenticated. The application redirects the user to the SSO server. If beeing authenticated the user gets a token from the SSO server. The SSO redirects to the...
Hi I have a working Kerberos SSO setup, I use apache and jboss with mod_jk. Apache is protecting (by kerberos) the auto-login.htm page with the following configuration: <Location /auto-login.htm> AuthType Kerberos AuthName "Kerberos Active Directory Login" KrbMethodNegotiate on KrbMethodK5Passwd on KrbAu...
Hello, I have a group of users with accounts on a Community Server 2008.5 installation, and I would like them to be able to log in on that site and automatically be logged into a Drupal installation as well (on a separate machine). I believe I'll be able to figure out the Drupal site using the many external authorization tutorials, but...
I have a question, less pertaining to actual implementation more towards "how it works". We have a CAS server doing the SSO authentication for multiple web protals (sister protals). How does CAS validates the cookies across portals and how does it figure out that user was logged onto sister site. Also extending same question to; can som...
I am considering purchasing VBulletin and integrating it with my J2EE application. While I am still looking into what it takes to enable this integration, I was wondering if VBulletin supports single sign on so that my users do not have to login to VBulletin once they have been authenticated to the application. Any thoughts? ...
Hi All, I have a challenging scenario here. I have an existing asp.net 1.1 Application A which uses a 3rd party java application for login authentication. After authentication successfully, the 3rd party application based on the encrypted url redirect to my existing Application A. Application A will than decrypt the url and perform s...
I have an application which has an internal SSO implemented with it's sister sites; using a CAS implementation. It works fine and allows seamless transition for user between sites. (Though upon first visit to each site; user must provide some basic details to each site). Now we want to go ahead and have facebook connect implemented or f...
I'm beginning work on adding SAML SSO support to a project and am looking for any helpful resources specifically geared towards PHP. I understand the basic concepts and have poked around for any libraries that could help but have come up empty. The only thing I've found is simpleSAMLphp which appears to be an entire stack. Any tips for ...
I have an application, where I am displaying some stuff in javasctip modals using jquery. It req. user to login for certain flows; but we never leave modal for user. So here is what we do currently. During user flow if user needs to be logged in, we hide current div and show a login div Keep a hidden iframe with Source link as that of...
I consider to use OAuth for Single Sign-On (SSO) with RESTful services. At first sight to use OAuth as the de-facto standard looked naturally to me. But I must confess that I don't understand how to use it for SSO. During studying OAuth I discovered more and more criticism of Auth - so much that I tend to think OAuth has failed. OAuth i...