Re: web single signon
From: The Orlok (subotai1_at_mindspring.com)
Date: 02/25/04
- Next message: Friecraker: "NetNanny"
- Previous message: Friecraker: "Ad-aware 6.0"
- In reply to: paul b: "web single signon"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 25 Feb 2004 09:49:57 -0800
bisibis@pt.lu (paul b) wrote in message news:<1f716d42.0402190325.5a7e7172@posting.google.com>...
> Hello,
> I have to develop a web single signon system for a company and perhaps
> someone has already done a similar project.
>
> The goal is that the user will be identified with a certificate,
> stored on a USB token (Aladdin eToken), and that they only have to
> sign on once to be able to use all the company-wide websites.
>
> We already put in place a certificate server which works fine and
> imagined to store the information which user has access to which sites
> in an LDAP tree, is this a good idea?
>
> I am not really sure how I can now manage the single signon on the
> websites, can someone give me an explanation how this will be managed.
> I saw an example where perl-scripts are running in the back of every
> site and interfacing with the LDAP tree to verify the user's access
> rights, is this a good idea or are there better possibilities?
>
> Thanks in advance
> CB
I have built these for some very large companies. Quite simple
actually. In a nutshell (at risk of leaving some stuff out) do this.
You need to decide on 2 things. How will users be centrally
authenticated and what is your common authorization framework. Pick
an authentication package such as SiteMinder that allows you to set a
cookie with a unique ID and session ID upon successful authentication.
If the package has an API, simply reference it in the other sites
prior to login to check for the cookie and verify its validity with
the authentication server. The user will be logged in automagically
if you programmed it right. Authorization is done by you as an API or
security scheme to decide types of users and what they have access to
and ensure that they only see stuff they are entitled to.
Hope this helps.
The Orlok
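
The flow described in the reply above, as an added Python example that is not part of the original thread and is not SiteMinder's API: a central server issues a cookie carrying a user ID and session ID, and each site validates it with that server before making its own authorization decision. The `AuthServer` class, the `user|session|mac` cookie layout and the `SITE_ACCESS` map (standing in for the LDAP tree) are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

class AuthServer:
    """Hypothetical stand-in for the central authentication server."""
    def __init__(self, ttl=900):
        self._key = secrets.token_bytes(32)  # never leaves the auth server
        self._sessions = {}                  # session_id -> (user_id, expiry)
        self._ttl = ttl

    def _mac(self, user_id, session_id):
        msg = f"{user_id}|{session_id}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def login(self, user_id):
        # Called only after the certificate check succeeded; returns the cookie value.
        session_id = secrets.token_urlsafe(32)
        self._sessions[session_id] = (user_id, time.time() + self._ttl)
        return f"{user_id}|{session_id}|{self._mac(user_id, session_id)}"

    def validate(self, cookie, now=None):
        """Return the user ID for an untampered, live session, else None."""
        now = time.time() if now is None else now
        parts = cookie.split("|") if cookie else []
        if len(parts) != 3:
            return None
        user_id, session_id, mac = parts
        if not hmac.compare_digest(mac.encode(), self._mac(user_id, session_id).encode()):
            return None                      # cookie was altered or forged
        record = self._sessions.get(session_id)
        if record is None or record[0] != user_id or record[1] < now:
            return None                      # logged out, unknown or expired
        return user_id

    def logout(self, cookie):
        parts = cookie.split("|")
        if len(parts) == 3:
            self._sessions.pop(parts[1], None)

# Constructed access data standing in for the LDAP tree of user -> sites.
SITE_ACCESS = {"alice": {"hr", "wiki"}, "bob": {"wiki"}}

def handle_request(auth, site, cookie):
    """What each participating site does before serving a page."""
    user = auth.validate(cookie)             # authentication: ask the central server
    if user is None:
        return "redirect-to-login"
    if site not in SITE_ACCESS.get(user, set()):
        return "403"                         # authorization: decided per site
    return f"200 {user}"
```

Because the session table lives on the auth server, a logout or expiry there takes effect on every site at the next request, which a signature check alone would not give you.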