WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Web single sign-on

From: Zed A.Shaw <zedshaw () zedshaw com>
Date: Fri, 10 Jan 2003 12:40:48 -0800
Hi Marty,
Not sure if anyone mentioned this before, and it might be too late, but take a look at uPortal and the CAS system. It provides SSO and is already integrated into uPortal, but it uses Kerberos so it is pretty solid already. 

http://mis105.mis.udel.edu/ja-sig/uportal/
http://www.yale.edu/tp/cas/

Oh, and it's all free.

Zed


On Monday, December 9, 2002, at 10:11 AM, Marty wrote:


Hi,

This was posted at Vuln-Dev, maybe it would be intersting to hear from
your group too.

---

Merci

Marty!

******************************************



Hi group,


We have a big discussion going on at one of my clients as we are about



to add an Internet portal to several applications. We are looking at
implementing a single sign-on (SSO) solution for our web applications.


This discussion is as follow:

1- Should we buy an already made up single sign-on solution or build
one in house?

We've met with the people from Tivoli and Computers associates
already. Other suggestions?

2- What if we go for a temporary in-house solution for next year and
get stuck with it as the portal and the number of applications starts
growing?

My concern here is the potential of risk being blamed by the auditors
about an in-house development vs a well known product.

The number of users of the portal will grow in the ten of thousands by



the end of next year. Robustness of the solution should also be a main



factor.

The security of the project is taken care of by firewall, access list,



DMZ etc.

The number of different application is already up to ten and the
portal is not even built yet. The deployment of the appliactions (all
web
based) should start as early as march 2003.

Pre-requisites : We have to work with the fact that the environment is



IBM Websphere servers and the fact that we are already using LDAP for
authentication on some applications. No comments on that part please,
we have to live with it...



---

Thanks!

Marty

******************************************

Pensée de la semaine :  Comme pour l'esprit, rien n'est trop grand,
pour la bonté, rien n'est trop petit.

Martin M Samson
Chef de projets,







-----
Zed A. Shaw
http://www.zedshaw.com/
Previous By Date Next
Previous By Thread Next

Current thread: