I've been asked by a client to implement single sign-on for our web site from their network. The preferred methods/configurations are these:
1) SSO should occur over https
2) SSO information should include a timestamp
3) Trust information of any sort should be encrypted
4) Timestamps are synchronized with tick.usno.navy.mil and/or tock.usno.navy.mil to within +/- 30 seconds *
5) Where reasonable it is preferred that users only have access to the trusted system via SSO and not by direct login
6) The following hash and encryption methods are supported:
C. SHA-1/SHA-256 (Hash)
D. MD5 (Hash, deprecated)
7) We need to support/access LDAP version 3 or higher
My site is built in .NET using Visual Studio, SQL Server 2008 database - all hosted by DiscountASP.
I have NO experience in any of this and am very nervous. My questions are:
1. How do I access their LDAP? I think via XML somehow. Any good references for this?
2. If I convert sites to https, what code updates will I have to do? Does it mean recoding of all pages or does it mainly hit the config.sys file?
3. Anyone have good links to start researching?
Thanks SO much for any help...