A good (and free) place to start is
https://freecomputerbooks.com/Identity-Management-on-a-Shoestring.html

1. You will have an application that will perform the authentication.
2. You will add a library/plugin to your application, or alongside it, that 
will 'protect' the application and make sure the user is authenticated.

I suggest you tackle item 1 first. It is the more complex side of the relation. 
There are often multiple options for 2 depending on your choice for 1. In the 
rare case, you may have to write your own solution for 2, but that would/should 
be a last resort.

There are a number of open source solutions to 1 (and 2). If you are a PHP 
shop, take a look at SimpleSAMLphp, https://simplesamlphp.org/
Most SSO solutions can do multiple protocols. CAS does CAS and SAML protocols, 
Shibboleth does SAML and CAS protocols. All three can do other protocols as 
well.

SAML is a protocol used by a lot of web-based applications, especially in the 
cloud vendor market.
CAS has a client library that can be added to each application's code base and 
enabled with simple configuration.

If you have O365, you may have access to other features; check your license. 
Azure may be an option.

The federation aspect of SAML authentication eases the management of multiple 
applications (service provider, SP or relying party, RP) interacting with 
multiple authentication providers (identity providers, IdP). Many countries and 
regions have a federation and there is a global one, eduGAIN, 
https://edugain.org/

Beware of the commercial vendors; there are a lot of them and there is a lot of 
competition. They will work hard to pull you in. Open source solutions are very 
capable, maybe even more so.

Ray

On Wed, 2022-04-13 at 17:11 -0700, RootName wrote:

Hello friends

I work in IT support at a university.
We want to implement a centralized SSO authentication for internal applications 
and messaging.

Our applications and services:
- Web application (run with PHP & Symfony)
- Moodle
- Office 365

However, I am limited in resources and ideas, I see that we can use LDAP + CAS 
however I understand how it works?
Also, in some examples, I see that we need to integrate an identity federation 
like Shibboleth, but why?

If you can give me ideas, tracks, resources, it will help me a lot, I'm a bit 
lost.

I am a bit lost. Thank you!

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory 
the university stands, and the Songhees, Esquimalt and WSÁNEĆ peoples whose 
historical relationships with the land continue to this day.
