General Chat Thread, Single Sign on software in General
  1. #31

    maniac
    I think part of the problem in achieving single sign on in most schools is the inflexibility of active directory itself. Now imagine if AD would let you 'validate' users from another source, say shibboleth for example. My old LEA used shibboleth for its e-mail authentication, so every user in every school within that LEA has a valid account on its shibboleth server. It is also planning to use it for its LEA-wide VLE which is in the works at the moment.

    What would have been great is if my local AD server would also talk to the LEA's shibboleth server, and allow me to select accounts that I would like to allow onto my network. I could still assign them group memberships and manage the account locally within my AD environment, but shibboleth can provide the authentication method behind the scenes, which means the same username and password can then be used for everything! If they then moved schools within the LEA, I could de-validate their account within my AD, and the next school can validate it on theirs. Also pupils that attend more than one school, 6th formers for example, could be validated at both schools.

    That way services that tie into AD like moodle and exchange can also use the same username and password. If all these different authentication services could actually talk to each other behind the scenes, then we'd be onto a winner!

    Mike.
    Last edited by maniac; 15th July 2008 at 09:41 PM.

  2. #32

    localzuk
    As I have said earlier, the issue here is that we currently have vast amounts of passwords. Many services are provided by external people (our LEA, Capita, private software companies etc...). To get them all linked in would a) cost a fortune and b) actually be impossible in a short timeframe.

    I understand 100% that in the long term, federated logins etc... are the goal. But we are talking at least 5 years, probably more.

    In the mean time, the problem still exists, with more login boxes appearing all the time.

    So whilst a citrix sso solution may seem quick and dirty, that is precisely what is needed, until proper SSO is actually attainable.

  3. #33


    Quote: Originally posted by localzuk
    I understand 100% that in the long term, federated logins etc... are the goal. But we are talking at least 5 years, probably more.
    it's been running since 2006
    UK Federation Information Centre | Home / Home browse

  4. #34

    maniac
    Seems like there is also shibboleth/active directory interoperability:

    Internet2, the foremost U.S. advanced networking consortium, has developed Shibboleth™, the widely-deployed federated authentication architecture. In support of Windows Server 2003 R2 release, Internet2 is extending Shibboleth to provide interoperability with Microsoft's Active Directory Federation Services (ADFS), allowing sites using ADFS to participate in the rapidly growing number of Shibboleth-based federations worldwide, such as InCommon™
    From here: Windows Server 2003 R2 Partners

    and interesting project here: shibboleth-on-windows

    Apologies for almost hijacking this thread, as none of the above really answers localzuk's original question, although I think it is relevant.

    Mike.

  5. #35

    localzuk
    Quote: Originally posted by CyberNerd
    It may well be running but I don't see it being implemented within schools, within the programs that we use, within our LEA services and within RBC's any time soon.

    Those are still many years off.

  6. #36


    still, a lot of colleges and councils have already signed up as identity providers
    UK Federation Information Centre | Documents / MemberList browse

  7. #37
    torledo
    Have been doing a fair bit of reading on this over the last couple of days, and it appears that there are a few options under the ESSO (enterprise SSO) that can help with what localzuk is trying to do....

    One of the more interesting ones I've come across is opensso....a community project led by Sun to develop an ESSO system based on their Java identity Access Manager commercial product.

    Don't know how easy it is to set up, configure and develop but it can't hurt to download the source and give it a whirl.

    Other than that, no products stick out other than citrix and novell (securelogin) which have already been mentioned.

    As for federation, which is what LEA's/RBC's are dealing with, it's really about moving to standards based techniques...the terminology differs (for instance how ADFS and Shibboleth refer to 'identity providers' differs) but the goal is to build applications and token authentication schemes to be standard compliant - particularly see parties going down the route of SAML and the WS-* stack.

    For us, like localzuk, a WebSSO project within the enterprise is more of a priority than the idea of intra-enterprise federation. WebSSO being the most obvious part of an identity and access management solution - and that's more than enough to be getting started with.


