sso

Single SignOn using OpenSSL on Apache Server

Hi, I am new to the OpenSSL world and trying to implement SSO on my PHP based application. I have already set up the OpenSSL Library and PHP openssl extension. Now, what I need to know is, what steps I need to take and where I can find reference of that. My requirement are 1- User will be provided a certificate, and browser will submi...

Single sign on with OpenSSL, LDAP and Windows Authentication

Hi, I am developing a PHP Application on Linux server. my application user are stored in LDAP Directory with their domain logins. Now, what i need to do is to give them SSO, attached with there domain credential so when a user logs in to the domain they will not be asked to provide their loginname and password. To do this, I have impl...

how to combine domain login and intranet login

hello friends i am developing one intranet application called human resource information system using jsp and servlets. I want to combine both domain login and application login I mean when user login to the system using his/her user name he/she will automatically log in to my intranet application how its posible? ...

Single Sign On with SubDomains

Please I would like to know how to implement Single Sign On across subdomains running on a mixture of programming platforms, asp.net and php? ...

What are the potential security issues in this implementation of SSO?

I'm currently researching cross-domain SSO implementations, and I may not be able to use a third party SSO provider. I found a custom implementation online that involves a series redirects and an encrypted querystring parameter. MrUser logs into http://www.foo.com MrUser clicks a link to http://www.bar.com/page.aspx MrUser is not aut...

Web SSO using Java and SAML 2.0

I'd like to write an web application which does authetification using SAML 2.0 tokens issued by an identity provider. I understand according to this question that there is a viable solution in the PHP world using simpleSAMLphp. Is there a equivalent method in the Java world? Are there out of the box solutions and/or tutorials for common ...

Sharing Servlet session with PHP

I want to use a Java EE application server (GlassFish 3) as SSO service for both Java applications and PHP applications. If a user gets authenticated by GlassFish he should also be logged into the PHP applications. Is there a best practise to share the Servlet session (more precise: authentication status) with PHP? ...

Configuring Firefox 3.0.x to send a Kerberos token

Hello, I'm trying to convince Firefox 3.0.14 to send a Kerberos token. I have configured the service correctly and IE will send a Kerberos token (i.e. starting YI..), but after adding the hostname to the network.negotiate-auth.trusted-uris and network.negotiate-auth.delegation-uris settings in about:config, Firefox only sends an NTLM t...

CAS (Central Authentication Service) example with JSF

Does anybody have a simple login JSF example with JA-SIG CAS? I got their web example up and running. But, in my case I need more than that, in my application when an user logs in (there are many roles: manager/sales/tech supports), then the user needs to be redirected to a defined page that contains the application menu which the user ...

How do I use AES 256-bit encryption when integrating with SalesForce?

My question relates to aes 256 bit encryption in browser post. I want to integrate an intranet application with salesforce and want the data transfer between them should be aes 256 bit encrypted so that the client gets utmost security. Can anyone give me ideas as to how it can be implemented? the integration b/w them will also be through...

How to validate a Kerberos ticket against a server in Java?

Hi there, we are using JAAS to enable Single Sign On in a Java application using the Windows Kerberos ticket cache. Our jaas.conf config file looks like this: LoginJaas { com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true doNotPrompt=true debug=true; }; With this, we can create a Jaas LoginContext and su...

Implementation issues with SSO

Let me preface this by saying I'm a beginner in a PHP environment so there may be a simple answer here. We're trying to use phpCAS to connect to our university's CAS server. Our server has been set up to match these requirements: http://www.ja-sig.org/wiki/display/CASC/phpCAS+requirements, and we have installed phpCAS to it's own access...

Cross Domain Single Selective Sign In.

Hi, Its not explicitly cross domain sessions that I am looking for, but its the easiest way to explain what it is I want. I have a system which creates websites. The websites are hosted across lots of different servers. Users can create their account and then they can create lots of websites. They could create www.mysite.com subdom...

Getting CardRequestFailedException

Hi, I have ADFS RC setup at Windows 2008 Server Standard Edition SP2 64 bit. As soon as I login to provisioning.aspx using domain user account CardRequestFailedException occurs. I checked the diagnostic logs, ADFS eventing logs and security logs of the machine but could not find anything relevant to this exception. I'm not using silen...

Single sign on cookie removed by anti spyware software

We have a single sign on implementation for a family of websites where the authentication cookie comes from the root domain (e.g. bar.com), allowing them to be logged into a child domain (e.g. foo.bar.com). The implementation is in C# using standard .net forms authentication. Unfortunately, some of our users are having their authenticat...

Strange error with WIF RTM, occurs after reset IIS

I am hosting my web application on windows server 2008 with IIS 7.5, I have 2 web applications: 1. the first one is the core sso (Single Sign-on) service with a login page. 2. another web application is hosted on the same web server which use the first app for sso. I am using the WIF RTM to implementation the sso, usually, it is runn...

Impersonating a user from a Java Servlet

Given a Java Servlet (running on a Windows server) which creates a new process via ProcessBuilder, what are my options for having that new process run as the user who invoked the original web request to the servlet? To clarify, what I want is that something like ProcessBuilder pb = new ProcessBuilder("whoami"); Process p = pb.start();...

How to implement SSO with Joomla?

Hi All, we have following scenario. we have 2 web sites one is in asp.net and 2nd in Joomla 1.5. we want SSO from Joomla to ASP.Net site. Integration Flow as below. 1) Joomla site will have Menu Item named with "Join ASP.Net Site" 2) When Logged in User clicks on the Link we need to pass URL along with Logged in UserName in Joomla E...

Is there a way in Java or a command-line util to obtain a Kerberos ticket for a service using the native SSPI API?

Hi there, I want to implement Single Sign On with Kerberos in Java and have successfully managed to create a ticket for the Service using the ticket from the Windows logon. Unfortunately, I can only create that ticket when the Registry Key "allowtgtsessionkey" is enabled. I am receiving an exception with the message "Identifier doesn't ...

How to Restrict a SAML 302 Redirect to an IFRAME?

Is it possible to load content within an IFRAME that subsequently returns a 302 redirect, without having it redirect the entire browser window to the destination? I.e. limit the redirect to the IFRAME itself? If so, how? EDIT1: To restate... i have an IFRAME, the source of which is a self-posting FORM. The action returns a 302 to somewh...