[英]Enterprise SSO implementation for a company
I've been trying to get my head around SSO in an enterprise environment and what solution best fits my companies problem. 我一直在尝试在企业环境中解决SSO问题,哪种解决方案最适合我的公司问题。
We have several apps (mostly in .net but some in java) running on our domain.. a.mydomain.com, b.mydomain.com etc... 我们的网域上有数个应用程式(主要是.net,但有些是Java)。a.mydomain.com,b.mydomain.com等...
My problem lies in trying to figure out how to implement Single Sign On, because as far as i can see, the likes of OpenID and OpenAuth are used for facebook, twitter, linked in based SSO, ie consumer based SSO. 我的问题在于试图弄清楚如何实现单一登录,因为据我所知,OpenID和OpenAuth之类的东西用于基于SSO(即基于消费者的SSO)链接的facebook,twitter。
We want an internal SSO system setup but I cant find many enterprise examples of how to do this and what protocols/frameworks/servers to use. 我们需要一个内部SSO系统设置,但是我找不到许多企业示例来说明如何执行此操作以及要使用哪些协议/框架/服务器。
Can anyone give me an idea how and if OpenID/OpenAuth should be used for this case, and what the benefits and disadvantages are? 谁能给我一个想法,在这种情况下应如何使用OpenID / OpenAuth,以及有什么优点和缺点?
also, would token based SSO be a good idea for this? 同样,基于令牌的SSO会是一个好主意吗? considering all the apps wiill be on the same domain (SSL is setup).
考虑到所有应用程序都将位于同一域(已设置SSL)。
Finally, what about cookie based SSO, is this a good idea? 最后,基于cookie的SSO怎么样?
Thanks Neil 谢谢尼尔
As you mentioned that all your apps are in the same domain and you are looking for an internal SSO solution I would recommend going for a cookie based SSO service.Simply because 正如您提到的那样,所有应用程序都在同一个域中,并且您正在寻找内部SSO解决方案,因此建议您使用基于cookie的SSO服务。
update: 更新:
Scalability: 可扩展性:
Cookies: 饼干:
Active Directory Federation Services ( http://msdn.microsoft.com/en-us/library/bb897402.aspx ) is an enterprise solution. Active Directory联合身份验证服务( http://msdn.microsoft.com/en-us/library/bb897402.aspx )是一种企业解决方案。 I would not recommend writing your own token issuer as there are lots of risks involved, security and performance.
我不建议您编写自己的令牌发行者,因为其中涉及很多风险,安全性和性能。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.