It all depends on your level of trust for the method of authentication. If you trust that IIS can properly retrieve the user's information, then you can write an SSO solution for that environment, granted all your target users are in an M$ domain and run an M$ OS.
If this is not the case, you will need to find an alternative. PKI/Smartcards have been discussed extensively, though I'm not sure if a solution has been developed (maybe someone in that arena could share what type of infrastructure/software they use for that type of authentication, then again, maybe not).
From my observations, SSO solutions typically have a server component
that resides on the web server. Certain areas of the web server can then be marked as protected, where authentication is required for users to access that portion of the site. The SSO session is established the first time a user authenticates to an SSO protected site and those credentials persist for all/any access across other sites that are protected using the same server side SSO software. The session persistence is accomplished by storing some session information on the SSO policy server, and that is cross-referenced/autheticated using a client-side cookie. For some free (some maybe not so free) alternatives: http://www.josso.org/ http://www3.ca.com/solutions/Product.aspx?ID=166 https://opensso.dev.java.net/ Axton Grams On 9/25/06, Jason Tuomy <[EMAIL PROTECTED]> wrote:
I'm looking to implement a Single Sign On via mid-tier. I searched the archives but couldn't find any details. My customer is wanting to be able to point a user to the mid-tier and get them past the authentication without requiring the user to login. This would mean to somehow get their login and password credentials from their windows environment or something and pass it to the mid-tier and set the user directly to where they need to be. I found that there are plenty of SSO software out there that will get some form of this data and put it into some kind of HTTP token that I could then retrieve (via White Paper) and pass to mid-tier. I was wondering if I have to have SSO software or is there some way to do this without purchasing software. Again, my customer doesn't want to have the user do a login/password process to get to mid-tier. So, using LDAP doesn't seem to be the right process. Unless I can retrive the password and store it locally. Any help would be greatly appreciated. Thanks. Jason Tuomy _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
_______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
