Cross-platform SSO - where to start?

Question

Cross-platform SSO - where to start?

I am exploring single sign-on options between two disparate systems: one .NET, one Java EE. Each of them is independently managed and has a separate user management with some overlapping users.

I would like to be able to refer to each other without asking for the password again.

There seem to be many options for SSO products and protocols. I'm pretty sure that I can create one-time code to generate and verify my own secure tokens, but would prefer not to reinvent the wheel.

What would you recommend in terms of approach and / or product (preferably open source)?

First off, would you go with something that supports SAML, OpenID, OAuth, or none of the above?

Secondly, from free / open-source products, I know OpenAM, Shibboleth, JOSSO and CAS. Any experience to share with any of them, good, bad or ugly?

+5

java-ee .net single-sign-on josso

wrschneider Apr 3 '12 at 1:54

source share

1 answer

Toby Hobson · Accepted Answer · 2012-04-19T19:09:40+0000

First, consider the protocols:

SAML 2.0 is a centralized / decentralized SSO protocol. This is the most advanced protocol and offers federation, that is, you can allow users to log in using any of the X-systems, or connect all users through a single system (known as IDP). SAML 2.0 is widely used in the financial and public sectors along with some major applications (for example, Google and Salesforce applications). It is also the most complex protocol.
OpenID - , /. OpenId. Stackoverflow - OpenId - , Google Facebook. OpenId , ( "" ) ( ).
OAuth SSO. B B A. OAuth , .. , X, X. .

, , , . Microsoft SAML 2.0, Java . java OpenId, .NET .

, SAML (OpenAM, Shibboleth, JOSSO CAS). - SAML - , , , . SSO Cloudseal ( SAML 2.0), , , . , , , , - !:)

Cross-platform SSO - where to start?

More articles: