Solved

Single Sign On - Best Route?

Posted on 2008-10-16
Last Modified: 2013-12-24
We are running a Windows network (w/2 Mac clients) with Active Directory for authentication.  We are going to be rolling out some various web applications (project management, etc) and would like to have a Single Sign On solution so that users can authenticate once (via a website?) and access all of them.  Some of the systems will be PHP/MySQL and some ASP/MSSQL.

I am trying to figure out how to accomplish this as easily as possible in terms of management of the solution.  I found ADFS with Google, but wasn't sure that would work with PHP systems.  I found CROWD (http://www.atlassian.com/software/crowd/) and a few others too.  I do not have a large enough budget to bring in a consulting group to accomplish this, so I am trying to find something I can implement myself.

Any ideas or thoughts?  I am completely open to ideas here (open source, Microsoft solution, etc).  Thanks!!
Question by:uiclas

Author Comment

by:uiclas
ID: 22730906
If it matters, all of the web applications we are wanting to use will authenticate against Active Directory for user accounts.  I am thinking that this could make it easier, but I am not sure.  Thanks!

Expert Comment

by:mirzas
ID: 22730961
Since you have AD, you do not need any special stuff for single sign on. Just make sure every application uses AD as its auth method.

Now for auth information to be persisted across applications you would need to do some work but this should not be a problem if all of the applications are made by you.

Expert Comment

by:patricka_0377
ID: 22731048
Been involved in a corporate project to make all apps available via a portal website that logs into all different types of applications (not just ones that support AD)......after single sign on

BEA AquaLogic User Interaction
Various Database Servers
Glue Code to tie all apps together

Author Comment

by:uiclas
ID: 22731068
Several of the applications will probably be third-party or open source applications (like activeCollab), so I am not sure if that is a problem.  I will be developing several in house too though.

My ideal setup would be to have users log into a "portal" that would then have links to each of these different applications and when they would choose one, it would open that web app in a new window with the user already authenticated and ready to go.

I know if all of my apps are authenticating off of AD, then the users' logons for any of the systems will be the same (if the system authenticates against AD), but I was hoping to save my users from having to enter in a user name and password for every app.

Does this make sense and is it even possible given my setup/situation?

Expert Comment

by:mirzas
ID: 22731101
You should be able to modify/adapt all of the applications to have a common way of authenticating.

You could use cookies to store login information that can work between different applications.
But all of the applications should be able to interpret such a cookie.

Author Comment

by:uiclas
ID: 22731171
So would I still need to implement something like ADFS?  Or would it be a matter of collecting their login info from the initial portal login and passing (via cookie, link, etc) to the application?

I do not know if I will be able to modify all of the applications code (depending on if it's open source or closed source) though.

I don't suppose anyone has ever written a "For Dummies" on this type of situation...

Accepted Solution

by:
mirzas earned 500 total points
ID: 22731330

The hard part here is how to adapt multiple applications to use the same auth scheme.


Just ignore everything about single sign on and think about how a single application would be able to do these cases:

- is the user logged in?
- authenticate user


For the first part, you could have a cookie that marks the user as logged in.
The second part would need to be common for all applications, i.e. a single page that sets/deletes the cookies when needed.

When you solve it for one application just apply the same generic logic to all others.


Hope this helps.
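
The shared login cookie from the accepted answer, sketched as an added example (not code from the thread): a cookie that only marks the user as logged in can be set by anyone, so here the central login page signs the username and an expiry with HMAC, and each application checks that signature before trusting the cookie. The key, lifetime and function names are assumptions, and the Active Directory check is assumed to have succeeded before `issue_cookie` is called.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key. In practice: a random secret known only to the login
# page and the applications, kept out of source control.
SECRET = b"constructed-demo-key-do-not-reuse"
TTL = 8 * 3600  # cookie lifetime in seconds (assumed value)


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_cookie(username, now=None, secret=SECRET):
    """Central login page: call only after the AD check for `username` passed."""
    now = int(time.time() if now is None else now)
    payload = _b64(json.dumps({"u": username, "exp": now + TTL}).encode())
    tag = hmac.new(secret, payload.encode(), hashlib.sha256).digest()
    return payload + "." + _b64(tag)


def verify_cookie(cookie, now=None, secret=SECRET):
    """Each application: return the username, or None when the cookie is
    malformed, forged or expired. No passwords travel in the cookie."""
    now = int(time.time() if now is None else now)
    try:
        payload, tag = cookie.split(".")
        expected = hmac.new(secret, payload.encode(), hashlib.sha256).digest()
        # Constant-time comparison; the payload is parsed only after it passes.
        if not hmac.compare_digest(_unb64(tag), expected):
            return None
        claims = json.loads(_unb64(payload))
        return claims["u"] if now < claims["exp"] else None
    except (ValueError, TypeError, KeyError, AttributeError):
        return None


if __name__ == "__main__":
    cookie = issue_cookie("jdoe")           # constructed sample user
    print(verify_cookie(cookie))            # accepted: signature and expiry OK
    print(verify_cookie("loggedin=1"))      # rejected: unsigned marker cookie
```

The applications can only read one cookie if they are served under a common parent domain, and it should be set with the `Secure` and `HttpOnly` attributes so it is sent over HTTPS only and stays out of reach of page scripts.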