WebApp Sec mailing list archives
Federated Authentication (without SAML)
From: Gary Gwin <ggwin () cafesoft com>
Date: Fri, 16 Sep 2005 15:41:33 -0700
Given that SAML, Project Liberty, etc. are not yet supported by most companies, I'm curious what solutions you may have seen for the following use case:
User logs into web site A using forms with username and password authentication. Web site A has a link to a parter web site B, which also requires user authentication using forms authentication with username and password. The goal is to automatically authenticate the user to web site B. Web site B offers no additional services for any sort of identity assertion interchange between the two sites (but may be willing to do deploy something "lightweight"). The username and password for a given user may or may not be equivalent on site A and B. To further complicate life, site B has a requirement that user must update their passwords every 30 days.
Gary -- Gary Gwin Cafesoft 858.384.3330 x512 http://www.cafesoft.com **************************************************************** * * * Cams is a web single sign-on software solution for Apache, * * Microsoft IIS, BEA WebLogic, IBM WebSphere, JBoss, Oracle, * * and Tomcat web and J2EE application servers. * * * ****************************************************************
Current thread:
- Federated Authentication (without SAML) Gary Gwin (Sep 16)
- Re: Federated Authentication (without SAML) Scovetta Labs (Sep 17)
- Re: Federated Authentication (without SAML) Mamading Ceesay (Sep 17)