
Enterprise SSO implementation for a company

I've been trying to get my head around SSO in an enterprise environment and what solution best fits my company's problem.

We have several apps (mostly in .NET but some in Java) running on our domain: a.mydomain.com, b.mydomain.com etc...

My problem lies in trying to figure out how to implement Single Sign On, because as far as I can see, the likes of OpenID and OpenAuth are used for Facebook, Twitter, LinkedIn based SSO, i.e. consumer based SSO.

We want an internal SSO system set up but I can't find many enterprise examples of how to do this and what protocols/frameworks/servers to use.

Can anyone give me an idea how and if OpenID/OpenAuth should be used for this case, and what the benefits and disadvantages are?

Also, would token based SSO be a good idea for this, considering all the apps will be on the same domain (SSL is set up)?

Finally, what about cookie based SSO, is this a good idea?

Thanks, Neil

As you mentioned that all your apps are in the same domain and you are looking for an internal SSO solution, I would recommend going for a cookie based SSO service, simply because:

  • It will be easier to implement. Just checking the cookies and giving the user access to an app.
  • No XML message exchange between your different apps (no need to design a schema).
  • You don't need to hire any Web service experts (as long as your developers know how to handle cookies).
  • Ultimately it will depend on your scalability requirements.

Update:

Scalability:

  • In future you might expand your user base across different geographic locations.
  • Your different applications might have different servers and the user database might become distributed.
  • In such cases you will have to maintain an identity repository to give authentication as a service. (This is what is done by the authentication frameworks that you mentioned.)

Cookies:

  • Cookie handling is no rocket science. The browser automatically sends cookies to your server in the HTTP request and you just have to read them.
  • Create the cookie when the user logs in. Set the domain property to your root domain so that other sub-domains can access it.
  • Check for the cookie when the user tries to log into an app. If the cookie is present, that means the user has already logged in.
  • Don't forget to delete them when the user logs out.
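The four steps above (issue on login, scope to the root domain, check on each request, delete on logout), as an added example that is not code from the original answer. It is written in Python rather than the .NET/Java of the question so that it runs stand-alone; the root domain mydomain.com, the cookie name sso_session and the shared HMAC secret are assumptions. The cookie value is not a bare "logged in" flag but an HMAC-signed, expiring token, since any sub-domain app that trusts the cookie must be able to tell a server-issued cookie from one the browser user typed in themselves.

```python
"""Shared-domain SSO cookie: issue, verify and clear.

Added illustration for the cookie-based answer above; not from the original
thread. Assumes one HMAC secret shared by every app under mydomain.com
(distributed through configuration, not source) and a root domain of
mydomain.com. Both values are hypothetical.
"""
import base64
import hashlib
import hmac
import json
import time
from http.cookies import SimpleCookie
from typing import Optional

ROOT_DOMAIN = "mydomain.com"      # assumed root of a.mydomain.com, b.mydomain.com, ...
COOKIE_NAME = "sso_session"       # assumed cookie name
SECRET = b"placeholder-replace-with-random-256-bit-key"  # placeholder, shared via config
DEFAULT_TTL = 8 * 3600            # token lifetime in seconds


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user: str, now: Optional[int] = None, ttl: int = DEFAULT_TTL) -> str:
    """Login step: build 'payload.signature' with subject, issue and expiry times."""
    now = int(time.time()) if now is None else now
    claims = {"sub": user, "iat": now, "exp": now + ttl}
    payload = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SECRET, payload.encode(), hashlib.sha256).digest()
    return f"{payload}.{_b64(sig)}"


def verify_token(token: str, now: Optional[int] = None) -> Optional[str]:
    """Check step: return the user name only if the signature and expiry hold."""
    now = int(time.time()) if now is None else now
    try:
        payload, sig_text = token.split(".", 1)
        sig = _unb64(sig_text)
        expected = hmac.new(SECRET, payload.encode(), hashlib.sha256).digest()
        # Constant-time comparison so a forged signature cannot be guessed byte by byte.
        if not hmac.compare_digest(expected, sig):
            return None
        claims = json.loads(_unb64(payload))
    except (ValueError, TypeError):
        return None
    if claims.get("exp", 0) <= now:
        return None
    return claims.get("sub")


def login_cookie_header(user: str, now: Optional[int] = None) -> str:
    """Set-Cookie value sent by the login app; Domain=root so every sub-domain gets it."""
    jar = SimpleCookie()
    jar[COOKIE_NAME] = issue_token(user, now)
    jar[COOKIE_NAME]["domain"] = ROOT_DOMAIN
    jar[COOKIE_NAME]["path"] = "/"
    jar[COOKIE_NAME]["secure"] = True      # only over the SSL the question mentions
    jar[COOKIE_NAME]["httponly"] = True    # keep it out of reach of page scripts
    jar[COOKIE_NAME]["samesite"] = "Lax"
    return jar[COOKIE_NAME].OutputString()


def user_from_cookie_header(cookie_header: str, now: Optional[int] = None) -> Optional[str]:
    """What b.mydomain.com does per request: parse the Cookie header and verify the token."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if COOKIE_NAME not in jar:
        return None
    return verify_token(jar[COOKIE_NAME].value, now)


def logout_cookie_header() -> str:
    """Logout step: overwrite the cookie with an empty, already-expired one on the same domain."""
    jar = SimpleCookie()
    jar[COOKIE_NAME] = ""
    jar[COOKIE_NAME]["domain"] = ROOT_DOMAIN
    jar[COOKIE_NAME]["path"] = "/"
    jar[COOKIE_NAME]["max-age"] = 0
    return jar[COOKIE_NAME].OutputString()


if __name__ == "__main__":
    print(login_cookie_header("neil"))
    token = issue_token("neil")
    print(user_from_cookie_header(f"{COOKIE_NAME}={token}"))
    print(logout_cookie_header())
```

Two points the design encodes: the logout cookie must carry the same Domain and Path as the login cookie, or the browser treats it as a different cookie and the session survives logout; and because the token is self-contained, a stolen cookie remains valid until `exp`, so the TTL is the upper bound on how long a compromised session lives unless a server-side revocation list is added.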

Active Directory Federation Services (http://msdn.microsoft.com/en-us/library/bb897402.aspx) is an enterprise solution. I would not recommend writing your own token issuer as there are lots of risks involved, security and performance.
