Re: SSO solution in ports?
Well, after a week of looking, I think I am going to go with a CAS solution, rubycas-server and rubycas-client. This supports several methods of authentication, including SQL, ActiveDirectory, LDAP, and GoogleAccounts. SQL is probably good enough for my application at the moment, but the LDAP option might come in handy someday. And it integrates nicely with Rails apps, which is my target platform.

I looked at OpenID, which Rails also has good support for, but to my mind, it's just too complicated for the average user to use. I remember the first time I had to set one up, it was quite difficult to understand what it was they were looking for. I think it would scare away the average, non-technical, website user.

Thanks for the ideas!

Brgds: John

On Jul 16, 2009, at 1:03 PM, Mel Flynn wrote:

> On Thursday 16 July 2009 06:54:39 Bill Moran wrote:
>
>> In response to John Almberg jalmb...@identry.com:
>>
>>> I am trying to build a set of web applications that are accessed through a web portal that uses a Single Sign On (SSO) solution.
>>>
>>> Problem is, there are MANY competing SSO solutions. Since building the client side of the SSO system is more than enough for me, I was wondering if there are any SSO servers in ports that I can just install and use? A CAS solution would be the best, but I'll look at anything.
>>
>> The most widely supported I know of is LDAP, and OpenLDAP works pretty well.
>
> That won't really work as LDAP can't read a browser cookie or maintain session information. LDAP is a good choice as storage backend.
>
> Your best bet is probably to use an OpenID based solution, as support for this sign on method is growing in web applications, so you lessen the chance of having to maintain your custom glue into the application. The security/phpmyid port is one implementation that allows you to run your own OpenID server.
>
> http://openid.net/
>
> -- Mel
>
> ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

~~ Websites and Marketing for On-line Collectible Dealers ~~
IDENTRY, LLC
John Almberg - Managing Partner
(631) 546-5079
jalmb...@identry.com
www.identry.com
Re: SSO solution in ports?
On Thu, 2009-07-16 at 10:52 -0400, John Almberg wrote:

> I am trying to build a set of web applications that are accessed through a web portal that uses a Single Sign On (SSO) solution.

Combine your SSO (LDAP mostly, Kerberos is a waking nightmare) with a 2FA/TFA (Second Factor Authentication) solution such as grid cards, FOBs, or an OTP password list.

I recommend Entrust IdentityGuard. Our pam_radius works fine with it, and web application can run NSS functionality out of LDAP and PAM functionality out of Entrust's SOAP-XML Authentication API.

~BAS
SSO solution in ports?
I am trying to build a set of web applications that are accessed through a web portal that uses a Single Sign On (SSO) solution.

Problem is, there are MANY competing SSO solutions. Since building the client side of the SSO system is more than enough for me, I was wondering if there are any SSO servers in ports that I can just install and use? A CAS solution would be the best, but I'll look at anything.

Any tips or ideas, much appreciated.

-- John
Re: SSO solution in ports?
In response to John Almberg jalmb...@identry.com:

> I am trying to build a set of web applications that are accessed through a web portal that uses a Single Sign On (SSO) solution.
>
> Problem is, there are MANY competing SSO solutions. Since building the client side of the SSO system is more than enough for me, I was wondering if there are any SSO servers in ports that I can just install and use? A CAS solution would be the best, but I'll look at anything.

The most widely supported I know of is LDAP, and OpenLDAP works pretty well.

-- Bill Moran
http://www.potentialtech.com
http://people.collaborativefusion.com/~wmoran/
Re: SSO solution in ports?
On 7/16/09, Bill Moran wmo...@potentialtech.com wrote:

> In response to John Almberg jalmb...@identry.com:
>
>> I am trying to build a set of web applications that are accessed through a web portal that uses a Single Sign On (SSO) solution.
>>
>> Problem is, there are MANY competing SSO solutions. Since building the client side of the SSO system is more than enough for me, I was wondering if there are any SSO servers in ports that I can just install and use? A CAS solution would be the best, but I'll look at anything.
>
> The most widely supported I know of is LDAP, and OpenLDAP works pretty well.

Kerberos (4 or 5) is synonymous with single sign on. Kerberos support is not as integrated with services as LDAP is.

I am almost the paranoid security type and I don't know if SSO is really a good idea (TM). You obtain someone's *weak* password because they don't want complexity, now the systems are wide open to them. System Login/Email are the two that bug me most. If I have your system login password, I have your email password too. Then anything else you hook into SSO is also known.

So I battle myself every day with the mindset if SSO is truly a worthwhile thing to look at, or if it should be at *most* two SSOs, one for system login, one for everything else.

Sorry to pull off on that tangent, but it seems nobody considers the downside to SSO, and it's been nagging at me.

--Tim
Re: SSO solution in ports?
On Thursday 16 July 2009 06:54:39 Bill Moran wrote:

> In response to John Almberg jalmb...@identry.com:
>
>> I am trying to build a set of web applications that are accessed through a web portal that uses a Single Sign On (SSO) solution.
>>
>> Problem is, there are MANY competing SSO solutions. Since building the client side of the SSO system is more than enough for me, I was wondering if there are any SSO servers in ports that I can just install and use? A CAS solution would be the best, but I'll look at anything.
>
> The most widely supported I know of is LDAP, and OpenLDAP works pretty well.

That won't really work as LDAP can't read a browser cookie or maintain session information. LDAP is a good choice as storage backend.

Your best bet is probably to use an OpenID based solution, as support for this sign on method is growing in web applications, so you lessen the chance of having to maintain your custom glue into the application. The security/phpmyid port is one implementation that allows you to run your own OpenID server.

http://openid.net/

-- Mel
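
The split described in the message above (a directory such as LDAP as credential storage, with a separate layer holding the browser cookie and session state), combined with CAS-style service tickets, as an added Ruby example that is not part of the thread and is not rubycas-server code. `DirectoryBackend`, `SsoServer`, the in-memory stores and the PBKDF2 parameters are hypothetical names and assumptions chosen for illustration.

```ruby
require "securerandom"
require "openssl"

# Hypothetical stand-in for the SQL/LDAP backend: it only checks credentials.
class DirectoryBackend
  def initialize; @users = {}; end

  def add_user(name, password)
    salt = SecureRandom.random_bytes(16)
    @users[name] = [salt, derive(password, salt)]
  end

  def valid?(name, password)
    salt, digest = @users[name]
    !salt.nil? && derive(password, salt) == digest
  end

  def derive(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 10_000, 32, OpenSSL::Digest.new("SHA256"))
  end
end

# Hypothetical SSO layer: owns the session cookie and per-application tickets.
class SsoServer
  def initialize(backend)
    @backend = backend
    @sessions = {} # cookie value => username
    @tickets = {}  # ticket => [username, service URL]
  end

  # Returns the session cookie value, or nil when the backend rejects the login.
  def login(name, password)
    return nil unless @backend.valid?(name, password)
    SecureRandom.hex(32).tap { |cookie| @sessions[cookie] = name }
  end

  # A browser holding a valid cookie gets a ticket without retyping the password.
  def issue_ticket(cookie, service)
    user = @sessions[cookie] or return nil
    "ST-#{SecureRandom.hex(16)}".tap { |t| @tickets[t] = [user, service] }
  end

  # Called by the application: a ticket is single-use and bound to one service.
  def validate(ticket, service)
    user, bound = @tickets.delete(ticket)
    bound == service ? user : nil
  end
end
```

The password reaches only `login`; each application sees a ticket it can redeem once, which limits what a captured ticket is worth but not what a guessed password is worth.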