Solved

Single Sign On - Best Route?

Posted on 2008-10-16
Last Modified: 2013-12-24
We are running a Windows network (w/2 mac clients) with Active Directory for authentication.  We are going to be rolling out some various web applications (project management, etc) and would like to have a Single Sign On solution so that users can authenticate once (via a website?) and access all of them.  Some of the systems will be PHP/MySQL and some ASP/MSSQL.

I am trying to figure out how to accomplish this as easily as possible in terms of management of the solution.  I found ADFS with google, but wasn't sure that would work with PHP systems.  I found CROWD (http://www.atlassian.com/software/crowd/) and a few others too.  I do not have a large enough budget to bring in a consulting group to accomplish this, so I am trying to find something I can implement myself.

Any ideas or thoughts?  I am completely open to ideas here (open source, Microsoft solution, etc).  Thanks!!
Question by:uiclas

Author Comment

by:uiclas
ID: 22730906
If it matters, all of the web applications we are wanting to use will authenticate against Active Directory for user accounts.  I am thinking that this could make it easier, but I am not sure.  Thanks!

Expert Comment

by:mirzas
ID: 22730961
Since you have AD, you do not need any special stuff for single sign on. Just make sure every application uses AD as its auth method.

Now for auth information to be persisted across applications you would need to do some work but this should not be a problem if all of the applications are made by you.

Expert Comment

by:patricka_0377
ID: 22731048
Been involved in a corporate project to make all apps available via a portal website that logs into all different types of applications (not just ones that support AD)......after single sign on

BEA AquaLogic User Interaction
Various Database Servers
Glue Code to tie all apps together

Author Comment

by:uiclas
ID: 22731068
Several of the applications will probably be third-party or open source applications (like activeCollab), so I am not sure if that is a problem.  I will be developing several in house too though.

My ideal setup would be to have users log into a "portal" that would then have links to each of these different applications and when they would choose one, it would open that web app in a new window with the user already authenticated and ready to go.

I know if all of my apps are authenticating off of AD, then the users' logons for any of the systems will be the same (if the system authenticates against AD), but I was hoping to save my users from having to enter in a user name and password for every app.

Does this make sense and is it even possible given my setup/situation?

Expert Comment

by:mirzas
ID: 22731101
You should be able to modify/adapt all of the applications to have a common way of authenticating.

You could use cookies to store login information that can work between different applications.
But all of the applications should be able to interpret such a cookie.

Author Comment

by:uiclas
ID: 22731171
So would I still need to implement something like ADFS?  Or would it be a matter of collecting their login info from the initial portal login and passing (via cookie, link, etc) to the application?

I do not know if I will be able to modify all of the applications code (depending on if it's open source or closed source) though.

I don't suppose anyone has ever written a "For Dummies" on this type of situation...

Accepted Solution

by:
mirzas earned 500 total points
ID: 22731330

The hard part here is how to adapt multiple applications to use the same auth scheme.


Just ignore everything about single sign on and think how would a single application be able to do these cases:

- is the user logged in?
- authenticate user


For the first part, you could have a cookie that marks the user as logged in.
The second part would need to be common for all applications, i.e. a single page that sets/deletes the cookies when needed.

When you solve it for one application just apply the same generic logic to all others.


Hope this helps.
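
The shared-cookie scheme from the accepted answer, as an added example that is not part of the original thread: one login page issues a cookie after the AD check, and every application answers "is the user logged in?" by verifying it. The cookie name, lifetime, shared key and parent domain are assumptions; the logic is shown in Python but ports directly to PHP or ASP.

```python
import base64, hashlib, hmac, json, time

# Assumption: the login page and every application share this key out of band.
SHARED_KEY = b"constructed-demo-key-replace-me"
COOKIE_NAME = "sso_session"   # hypothetical cookie name
MAX_AGE = 8 * 3600            # hypothetical session lifetime in seconds

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(payload: bytes, key: bytes) -> str:
    return _b64(hmac.new(key, payload, hashlib.sha256).digest())

def issue_cookie(username, key=SHARED_KEY, now=None):
    """Called by the single login page after the AD check succeeded.
    The cookie carries the username and an expiry, never the password."""
    now = int(time.time()) if now is None else now
    payload = json.dumps({"user": username, "exp": now + MAX_AGE}).encode()
    return _b64(payload) + "." + _sign(payload, key)

def logged_in_user(cookie, key=SHARED_KEY, now=None):
    """Called by every application: return the username, or None if the
    cookie is missing, malformed, tampered with, or expired."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = cookie.split(".")
        payload = _unb64(body)
        # Verify the signature before trusting anything inside the payload.
        if not hmac.compare_digest(sig, _sign(payload, key)):
            return None
        claims = json.loads(payload)
        if not isinstance(claims["user"], str) or claims["exp"] <= now:
            return None
        return claims["user"]
    except (AttributeError, ValueError, KeyError, TypeError):
        return None

def set_cookie_header(value, domain):
    """Header sent by the login page; `domain` is the parent domain that
    all applications share (assumption), so each of them receives it."""
    return (f"Set-Cookie: {COOKIE_NAME}={value}; Domain={domain}; Path=/; "
            f"Max-Age={MAX_AGE}; Secure; HttpOnly; SameSite=Lax")

def clear_cookie_header(domain):
    """Logout: the same page deletes the cookie for every application."""
    return f"Set-Cookie: {COOKIE_NAME}=; Domain={domain}; Path=/; Max-Age=0; Secure; HttpOnly"
```

An unsigned "logged in" flag or a cookie holding the AD password would let anyone who can edit or read the cookie impersonate a user in every application; the signature and expiry are what make the shared cookie safe to interpret.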
Question has a verified solution.