General Chat Thread: Single Sign on software
  1. #16

    localzuk
    Originally Posted by DMcCoy:
    > Sims has some AD features I think, although I've never used it. I'm not sure what the possibilities with FMS are now as it's also sql2005 so may be like .net. glpi has AD integration, I use it here.
    >
    > I'm not sure I'd see what Citrix does as SSO either, although it may feel the same to the user, it isn't. It's more like the apple keychain than a unified sign on.

    How isn't what Citrix does single sign on? You put in a password a single time, and it signs you on. :P

    Originally Posted by CyberNerd:
    > you mean nearly all of them - except the ones like roboform, password safe, keepass which run exclusively on windows and keychain which runs on OSX !! so only 3/7 are linux only ?!

    Ok, 4/7 are non windows. Of the remaining 3, Roboform and Password Safe are not what this thread is about - Roboform is browser only, and password safe is a password manager, not single sign on.

    But as I said, KeePass looks good. With some work, it could be altered to be centralised and compete with Citrix's SSO functionality.

  2. #17
    DMcCoy
    Originally Posted by localzuk:
    > How isn't what Citrix does single sign on? You put in a password a single time, and it signs you on. :P

    The user names and passwords aren't the same though and have no relationship with each other. I'd like it to be more like the one ring, something that ties them all together rather than an expensive login box watcher.

  3. #18

    localzuk
    Originally Posted by DMcCoy:
    > The user names and passwords aren't the same though and have no relationship with each other. I'd like it to be more like the one ring, something that ties them all together rather than an expensive login box watcher.

    Ah, but that is more than single sign on, that's more of a unified system - that'll never work fully, as it would require every software manufacturer to support it. Sure, you may get the key players supporting it (like many packages support LDAP authentication) but there will always be some which don't.

  4. #19


    Originally Posted by DMcCoy:
    > Sims has some AD features I think, although I've never used it. I'm not sure what the possibilities with FMS are now as it's also sql2005 so may be like .net. glpi has AD integration, I use it here.

    You can set sims to authenticate using the username of the current user instead of its own user name and password. I think you have to alter something in the local connect.ini, and also your AD and SIMS usernames have to match.

  5. #20

    plexer
    True single sign on, at least for web sites, and what Shibboleth is trying to do, is you have one username and password and then you can sign into other resources using that.

    You are authenticated at your home site and the others see you as a valid user and present themselves to you.

    Ben

  6. #21

    localzuk
    Originally Posted by plexer:
    > True single sign on, at least for web sites, and what Shibboleth is trying to do, is you have one username and password and then you can sign into other resources using that.
    >
    > You are authenticated at your home site and the others see you as a valid user and present themselves to you.
    >
    > Ben

    Indeed. That is the ultimate goal, but that is going to be many a year away. Until then, we have to try and manage the mess of passwords we all have to remember at the moment. So a faux SSO, password managing, login box intercepting database would be the ideal solution.

  7. #22
    limbo
    The way forward has to be to use domain security / AD info at the heart of it, otherwise you will still be looking at one username and password to log on to a computer and then another one for everything else.

    We are about 80% of the way there at the moment with domain security offering web based outlook, access to H: drives and online handbooks, helpdesks, photocopying booking system and subscription websites.

    The only alternative username and password our staff need at the moment is for eportal - which I believe can be supported with AD integration but just not got around to it yet.

    This is mainly built around our school website using iis security options. But much easier because we do not use the LEA mail or learning platform at the moment.

  8. #23

    maniac
    Originally Posted by limbo:
    > The only alternative username and password our staff need at the moment is for eportal - which I believe can be supported with AD integration but just not got around to it yet.

    Yes, E-portal does offer LDAP single sign on support, but even though the boxes appear in the data controller program, it is a chargeable extra! When I last checked I believe they charged per user as well!!

    Mike.

  9. #24
    torledo
    I agree with limbo....tie it all back to AD where possible. That's the simplest and most cost effective way... Most pbx systems, email, web portals allow for authentication against AD...it can't be that difficult to get most apps on board - even open source apps.

    Regarding shibboleth, that obviously requires vendor participation but what does the sysadmin have to do...if it's primarily an application at LEA/RBC level does that preclude orgs from deploying their own shibboleth system ?

    I think products similar to Citrix SSO are a quick and dirty method of reducing password sprawl, but as others have mentioned it is in no way a complete identity management solution - that's where Shibboleth and vendor products come in, the only confusion I have surrounding Shibboleth is its user friendliness.

  10. #25


    Originally Posted by torledo:
    > Regarding shibboleth, that obviously requires vendor participation but what does the sysadmin have to do...if it's primarily an application at LEA/RBC level does that preclude orgs from deploying their own shibboleth system ?

    There is a growing number of software vendors willing to sell their products as a shibbolised service. I spoke to Nelson Thornes last week who promised to have their software shibbolised by the end of the year. No more installs means the network admins have less to do. For the LEA/RBC to do the authentication means they must first centralise their authentication servers. (Technically they could put a box in to do shibboleth, but I doubt many would be up for that as there are more advantages to central control.) So no more Active Directory to maintain. This also has the added advantage that it makes the service much easier to outsource should BSF come along.

  11. #26
    monkeyx
    Whilst this is not a single sign on project as such, I have from time to time wished I had more time to look at the Fedora Directory Server Project. It seems to offer an LDAP/AD/Group synchronisation which is more of a MetaDirectory style solution.

    I have also previously looked at Home | DirectSSO whilst investigating typo3 CMS.

    Has anyone ever installed/used the Fedora System? It looks a promising approach for any system that supports LDAP.

    PS also http://openid.net/
    Last edited by monkeyx; 15th July 2008 at 08:01 PM.

  12. #27
    cookie_monster
    I haven't used this but what about Active Directory Federation Services? It might be more focused on web technologies.

    Single Sign-On: A Developer's Introduction To Active Directory Federation Services

    http://www.microsoft.com/windowsserv...hitepaper.mspx

  13. #28


    @monkeyX

    Take a look at freeIPA, I suspect some day we'll replace our aging ActiveDirectory with this - unless the LA come to the rescue and offer us all MSCE's for Microsoft when they install their shibbolised MSAD.

    Main Page - Free IPA

  14. #29

    I've not seen the Citrix solution before - it does look good but it looks as if it's just an automated way of remembering all the passwords (it talks about pre-provisioning secondary credentials). Anything with Citrix in the name tends to be expensive (but you do get what you pay for :-)) so other solutions might be better.

    Lots of software can have LDAP authentication - Moodle does, for example, and it's relatively easy to do it so it ought to be an option in other packages (I think the MIS system we use has an LDAP option although we're not using it at the moment)

    I'd guess it's worth talking to suppliers to see if they can do LDAP although it's going to be much harder for things external to you - handling secure collection of usernames and passwords isn't always easy and this is where Shibboleth comes in. If only I could understand where I start with it (but we have registered as an IdP so I'd guess that almost counts as a start!)

  15. #30
    torledo
    @cookie, monkey - thanks for the info....

    Didn't think about the Active Directory and Fedora directory 'add-ons' for SSO and federation. I'd imagine ADFS only plays nice with other M$ apps, the Fedora directory server - on the surface at least - seems more promising. I believe the commercial Redhat directory server is based on the Netscape Directory Server which was highly scalable and truly 'enterprise'...if fedora directory is the community project of that particular product it can only be good imo.

    @steve - great minds and all that...I was just about to ask cybernerd about 'where to start' when it comes to Shibboleth. Edited it because I assumed he would point me in the direction of the Shibboleth bit at internet2 (and quite rightly so) but my brain's starting to hurt at this time of the evening and I'd want the idiot's guide to Shibboleth 101 ;0) with examples of using apps we all know, love, hate and abuse - I'm thinking moodle, groupwise, exchange, sharepoint, asterisk etc

    Can you have one identity/SSO solution for both internal and web facing stuff or is it as simple as LDAP for inside/LAN, Shibboleth for outside/WAN?
    Last edited by torledo; 15th July 2008 at 08:35 PM.
