On September 10, 2012 10:03, Nick Kew <[email protected]> wrote:
>>> I need to implement SSO (Single Sign On) for a tool to be launched for
>>> people of our organization only.
>> For true SSO solutions, look at
> Any strong reason to prefer those to worldwide initiatives
> such as OpenID/OpenAuth?

Mostly because I didn't think of them :) But, now that you've asked:
My understanding is that most of the following features offered by
cosign/PubCookie/CAS are not offered by OpenID/OpenAuth:
* Centralized Single Log Out.
* Per-site forced reauthentication (e.g., when a user's IP address
  changes, or when they access a particularly sensitive resource)
* Per-site multi-factor authentication (including hardware tokens,
  X.509 client certificates, etc.)
* Idle time outs (require reauthentication after, say, 2 hours of
  no pages being requested).
* Hard time outs (require reauthentication, say, every 24 hours or
  every week, regardless of activity)
* Credential proxying to back-end services (other web servers,
  IMAP, LDAP, databases, etc.)
Regardless of the above, OpenID/OpenAuth may be a fine choice for the
original poster, depending on his requirements, particularly if he sets
up his own OpenID provider rather than using an external provider such
as Google or Yahoo.
--
Mark Montague
[email protected]
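
The idle time out, hard time out and per-site forced reauthentication from the list in the message above, as an added sketch that is not part of the original email and not code from cosign, PubCookie or CAS. The names `SitePolicy`, `Session` and `needs_reauth`, the `/admin/` prefix and the 5-minute freshness window are assumptions; the 2-hour and 24-hour values are the ones the message gives as examples.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class SitePolicy:
    # Hypothetical per-site policy record (all times in seconds).
    idle_timeout: int = 2 * 3600        # no pages requested for this long
    hard_timeout: int = 24 * 3600       # since login, regardless of activity
    reauth_on_ip_change: bool = True
    sensitive_max_age: int = 300        # assumed: sensitive paths need a fresh login
    sensitive_prefixes: tuple = ("/admin/",)   # assumed path prefix


@dataclass
class Session:
    authenticated_at: int   # when credentials were last verified
    last_seen: int          # when the last allowed page request happened
    login_ip: str           # client address seen at login


def needs_reauth(s: Session, p: SitePolicy, now: int,
                 client_ip: str, path: str) -> Optional[str]:
    """Return the reason reauthentication is required, or None to allow."""
    age = now - s.authenticated_at
    # Hard time out is measured from login, so activity cannot extend it.
    if age >= p.hard_timeout:
        return "hard_timeout"
    # Idle time out is measured from the last request, not from login.
    if now - s.last_seen >= p.idle_timeout:
        return "idle_timeout"
    if p.reauth_on_ip_change and client_ip != s.login_ip:
        return "ip_changed"
    # A sensitive resource demands a login newer than the site's window.
    if path.startswith(p.sensitive_prefixes) and age > p.sensitive_max_age:
        return "sensitive_resource"
    # Only an allowed request resets the idle timer; a rejected one must not.
    s.last_seen = now
    return None
```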