Hi, folks! First of all, let me apologize for my bad English.

I'm responsible for presenting a solution for implementing SSO in the three sites that compose my company's products. During a meeting last week I presented Jasig CAS Server and the CAS protocol as a possible solution and made a little demo. They all liked it, but there were many questions I could not answer because of my lack of knowledge of SSO and the short time I had to prepare the presentation. I need help creating a comparison sheet covering CAS, Shibboleth, JOSSO and PicketLink on the following topics. The statements need not be too deep, just sufficient to support an overview analysis of the solutions. If anyone could contribute on any of the topics for any of the solutions, I'd be very grateful!

Must-have features:
- Scalability
- Extensibility
- Adoption and use cases in production today (preferably in high-availability scenarios)
- Interoperability between Java, .NET, PHP and others
- Look-and-feel customization of the server's user interface
- Communication protocols between the identity provider and services
- Communication protocols between the identity provider and authentication providers
- Facebook as an authentication provider
- "Remember me" feature
- Auditing and statistics
- Support for services in multiple domains and sub-domains
- Documentation

"Nice to have" features:
- Use of login forms in services
- Active community
- Google integration (OpenID/SAML)
- JAAS integration

As a related subject, I'm (very) confused about the roles and features of CAS and Shibboleth. In his blog post entitled "CAS and Shibboleth Co-existing in Mutually Beneficial Harmony", Andrew Petro says that he sees CAS as "a flexible and capable mechanism for the Web authentication of local users" and Shibboleth as "the platform for federating that local Web authentication and implementing formal standards". Also, Shibboleth's about page states that this "federation stuff" is the name given to the scenario where the identity provider and the services are not necessarily in the same organization. But I cannot connect these statements to the technical facts. Can I say that a "federated" scenario is SSO applied to sites in different domains (or sub-domains)? Can I say that a "federated" scenario means the identity provider should gather user information from different organizations (protected databases or directories)? Doesn't the CAS server support authentication across multiple domains or sub-domains? What did Andrew mean by "implementing formal standards"? Doesn't CAS support SAML too?

Please, help! Thank you very much!

*Frederico Zveiter*
