Russ:
We are pursuing a "reduced" sign on environment as opposed to a single sign
on. Fortunately we've been able to leverage AD as our "authoritative source"
for IDs and passwords but due to the plethora of heterogeneous applications,
not all of them can leverage AD as the authentication and authorization source.
In this context, reduced sign on is that the end user will use their AD ID and
password in the various enterprise applications but we are purposely requiring
the various applications "re-authenticate" the user when the application is
launched. We are doing this as opposed to leveraging pass-through
authentication for access rights. The thinking is that this reduces risk to
the various applications. For example, if I have access to a user's unlocked
workstation, I can't launch the financial system app and get access to info
that I shouldn't. I would get prompted again for credentials. Most of our
enterprise apps are on non-Windows systems.
The reduced sign-on is part of an overall "identity management" goal for our
company so we did not target this specific item. The identity management
process encompasses various tools and software components. I can give you more
details offline if you wish.
Diane
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Sunday, January 29, 2006 11:47 AM
To: [email protected]
Subject: Re: [ActiveDir] Single Sign-on
I think the part that I don't get is what your exact idea of SSO is,
Russ. I mean, Active Directory is a great central authentication
platform. It has other components that can be useful such as AzMan, ADAM,
and WS*. But it wouldn't be much of a deal to cause your applications to use
Active Directory as their authentication source instead of installing SSO
software on them and using that. Then you'd have no out of pocket expense.
Possibly. Depends greatly on what your requirements are in detail and what level
of effort you want to expend.
Al
On 1/29/06, Rodrigo Blanco <[EMAIL PROTECTED]> wrote:
Wiseguard is a cost-effective solution and integrates directly with AD.
Regards,
Rodrigo.
On 1/28/06, Rimmerman, Russ <[EMAIL PROTECTED]> wrote:
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
