Solved

Single Sign On - Best Route?

Posted on 2008-10-16
Last Modified: 2013-12-24
We are running a Windows network (w/2 mac clients) with Active Directory for authentication.  We are going to be rolling out some various web applications (project management, etc) and would like to have a Single Sign On solution so that users can authenticate once (via a website?) and access all of them.  Some of the systems will be PHP/MySQL and some ASP/MSSQL.

I am trying to figure out how to accomplish this as easily as possible in terms of management of the solution.  I found ADFS with google, but wasn't sure that would work with PHP systems.  I found CROWD (http://www.atlassian.com/software/crowd/) and a few others too.  I do not have a large enough budget to bring in a consulting group to accomplish this, so I am trying to find something I can implement myself.

Any ideas or thoughts?  I am completely open to ideas here (open source, Microsoft solution, etc).  Thanks!!
0
Question by:uiclas
7 Comments
 

Author Comment

by:uiclas
ID: 22730906
If it matters, all of the web applications we are wanting to use will authenticate against Active Directory for user accounts.  I am thinking that this could make it easier, but I am not sure.  Thanks!
0
 
LVL 6

Expert Comment

by:mirzas
ID: 22730961
Since you have AD, you do not need any special stuff for single sign on. Just make sure every application uses AD as its auth method.

Now for auth information to be persisted across applications you would need to do some work but this should not be a problem if all of the applications are made by you.
0
 
LVL 1

Expert Comment

by:patricka_0377
ID: 22731048
Been involved in a corporate project to make all apps available via a portal website that logs into all different types of applications (not just ones that support AD)... after single sign on

BEA AquaLogic User Interaction
Various Database Servers
Glue Code to tie all apps together
0
 

Author Comment

by:uiclas
ID: 22731068
Several of the applications will probably be third-party or open source applications (like activeCollab), so I am not sure if that is a problem.  I will be developing several in house too though.

My ideal setup would be to have users log into a "portal" that would then have links to each of these different applications and when they would choose one, it would open that web app in a new window with the user already authenticated and ready to go.

I know if all of my apps are authenticating off of AD, then the users' logons for any of the systems will be the same (if the system authenticates against AD), but I was hoping to save my users from having to enter in a user name and password for every app.

Does this make sense and is it even possible given my setup/situation?
0
 
LVL 6

Expert Comment

by:mirzas
ID: 22731101
You should be able to modify/adapt all of the applications to have a common way of authenticating.

You could use cookies to store login information that can work between different applications.
But all of the applications should be able to interpret such a cookie.
0
 

Author Comment

by:uiclas
ID: 22731171
So would I still need to implement something like ADFS?  Or would it be a matter of collecting their login info from the initial portal login and passing (via cookie, link, etc) to the application?

I do not know if I will be able to modify all of the applications' code (depending on if it's open source or closed source) though.

I don't suppose anyone has ever written a "For Dummies" on this type of situation...
0
 
LVL 6

Accepted Solution

by:
mirzas earned 500 total points
ID: 22731330

The hard part here is how to adapt multiple applications to use the same auth scheme.


Just ignore everything about single sign on and think about how a single application would be able to handle these cases:

- is the user logged in?
- authenticate user


For the first part, you could have a cookie that marks the user as logged in.
The second part would need to be common for all applications, i.e. a single page that sets/deletes the cookies when needed.

When you solve it for one application just apply the same generic logic to all others.


Hope this helps.
0
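
The shared-cookie scheme from the accepted answer, as an added example that is not part of the original thread: a cookie that only marks the user as logged in can be set by anyone, so the common login page signs it with an HMAC and every application verifies the signature and expiry before trusting it. Python is used as a neutral language since the thread's applications are a mix of PHP and ASP; the secret, cookie name and cookie domain are assumptions, and the scheme only works when all applications are hosts under one parent domain and share the key.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"       # assumption: one key shared by login page and apps
COOKIE_NAME = "sso_session"            # hypothetical cookie name
COOKIE_DOMAIN = ".intranet.example"    # assumption: all apps are hosts under this domain
MAX_AGE = 8 * 3600                     # seconds a login stays valid


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(payload: bytes) -> bytes:
    return hmac.new(SECRET, payload, hashlib.sha256).digest()


def issue_cookie(username, now=None):
    """Login page: build the cookie value after the AD check has succeeded."""
    now = int(time.time()) if now is None else now
    payload = json.dumps({"u": username, "exp": now + MAX_AGE}).encode()
    return _b64(payload) + "." + _b64(_sign(payload))


def verify_cookie(value, now=None):
    """Every app: return the username, or None if forged, malformed or expired."""
    now = int(time.time()) if now is None else now
    try:
        p64, s64 = value.split(".")
        payload, sig = _unb64(p64), _unb64(s64)
    except ValueError:
        return None
    if not hmac.compare_digest(sig, _sign(payload)):
        return None
    claims = json.loads(payload)       # safe: payload is authenticated at this point
    return claims["u"] if claims["exp"] > now else None


def login_set_cookie(username, now=None):
    """Set-Cookie header value the common login page sends on success."""
    return (f"{COOKIE_NAME}={issue_cookie(username, now)}; Domain={COOKIE_DOMAIN}; "
            f"Path=/; Max-Age={MAX_AGE}; Secure; HttpOnly; SameSite=Lax")


def logout_set_cookie():
    """Set-Cookie header value the common page sends to delete the cookie."""
    return f"{COOKIE_NAME}=; Domain={COOKIE_DOMAIN}; Path=/; Max-Age=0; Secure; HttpOnly"
```

Each application only needs a port of `verify_cookie` in its own language and a redirect to the login page when it returns nothing.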
