[Meego-community] Single sign-on and user federation

daniel.wilms at nokia.com daniel.wilms at nokia.com
Wed Mar 3 10:48:43 CST 2010


>Michael Cronenworth wrote:
>> daniel wilms wrote:
>>> 1. http://wiki.meego.com/Single_sign-on
>>
>> Why is an LDAP server[1] not listed? IMHO it trumps any one of those
>> options. Port 389 provides SSO for an office full of bugzilla,
>> mediawiki, and XMPP users who run Windows clients and are joined to a
>> Samba domain that uses LDAP for the backend.

>OpenSSO, JOSSO, LemonLDAP:NG and CAS all use LDAP as their back-end

Small correction: they *can* use LDAP, but they are quite flexible. CAS, for example, accepts quite a few methods for authentication (OpenID as well, for example).

>authentication store, but just LDAP is not sufficient usually, you need
>to provide a nice straightforward authentication & session-minding bit
>between the various apps and the back-end - otherwise you end up having
>the same username & password everywhere, but you still have to sign on
>to everything separately.

The session handling is indeed provided by those alternatives. Using LDAP, you have the same username and password, but you have to provide it for each service. The other SSO solutions allow you to provide your username and password only once for each service, and some of them also offer single sign-out, which is quite nice as well.


>I would add Lemon[1] to the list, though.

Please do that!

Daniel
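
Added example, not part of the original thread and not code from any of the products named in it: a minimal Python model of the difference discussed above between a shared LDAP directory (same password, one prompt per service) and an SSO layer that adds a session, per-service tickets and sign-out. `SsoServer`, its methods and the directory contents are hypothetical and constructed; the ticket flow is a simplified sketch, not the protocol of CAS or any other listed product.

```python
import hmac
import secrets

DIRECTORY = {"alice": "correct horse"}        # constructed stand-in for the LDAP back-end
SERVICES = ["bugzilla", "mediawiki", "xmpp"]  # the services named in the thread

def directory_bind(user, password):
    """Stand-in for an LDAP bind: checks credentials, keeps no session."""
    stored = DIRECTORY.get(user)
    return stored is not None and hmac.compare_digest(stored.encode(), password.encode())

class SsoServer:
    """Hypothetical central login service in front of the same directory."""
    def __init__(self):
        self.sessions = {}  # session id -> user
        self.tickets = {}   # one-time ticket -> (session id, service)

    def login(self, user, password):
        if not directory_bind(user, password):
            raise PermissionError("bad credentials")
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = user
        return sid

    def issue_ticket(self, sid, service):
        if sid not in self.sessions:
            raise PermissionError("no SSO session")
        ticket = secrets.token_urlsafe(32)
        self.tickets[ticket] = (sid, service)
        return ticket

    def validate(self, ticket, service):
        """Called by a service: a ticket is single-use and bound to one service."""
        sid, bound = self.tickets.pop(ticket, (None, None))
        if sid not in self.sessions or bound != service:
            return None
        return self.sessions[sid]

    def logout(self, sid):
        """Sign-out in this model: no new tickets can be issued for any service."""
        self.sessions.pop(sid, None)

def prompts_with_directory_only(user, password):
    # Directory only: every service asks for the password and binds by itself.
    return sum(1 for _ in SERVICES if directory_bind(user, password))

def prompts_with_sso(sso, user, password):
    sid = sso.login(user, password)  # the only password prompt
    users = [sso.validate(sso.issue_ticket(sid, s), s) for s in SERVICES]
    return 1, sid, users
```

In this model the services never see the password under SSO, only a one-time ticket; sign-out here only stops new tickets, whereas a deployed system also has to end the sessions the services already hold.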

