+ Post New Thread
Page 1 of 3 123 LastLast
Results 1 to 15 of 37
General Chat Thread, Single Sign on software in General; One of the things I keep getting requests for is a single sign on system, which can integrate any software ...
  1. #1

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,660
    Thank Post
    516
    Thanked 2,443 Times in 1,891 Posts
    Blog Entries
    24
    Rep Power
    831

    Single Sign on software

    One of the things I keep getting requests for is a single sign on system, which can integrate any software without needing modules etc... for it.

    Now the only packages I've come across that can do this are Citrix Platinum and another like that. The issue always turns up as being cost. We're talking hundreds of pounds per computer.

    Does anyone know of either a cheap system that does this or an open source project that is doing this?

    Or am I forever doomed to pass messages back that it is and always will be outside our financial reach?

  2. #2
    tonyd's Avatar
    Join Date
    Mar 2006
    Location
    Kent (Sometimes), UK
    Posts
    163
    Thank Post
    17
    Thanked 42 Times in 31 Posts
    Rep Power
    24

    ISA 2006?

    If you're talking about an SSO for authenticating websites via AD then ISA 2006 might just do the job. As far as I can tell you should not need client licenses for this since you're providing access for your own (internal?) users. See http://technet.microsoft.com/en-us/l...chNet.10).aspx for details
    Last edited by tonyd; 15th July 2008 at 02:31 PM.

  3. #3

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,344
    Thank Post
    624
    Thanked 1,584 Times in 1,421 Posts
    Rep Power
    414
    Shibboleth is probably what you want Shibboleth®

    Do you have examples of software packages you currently have that you want single sign on for?

    Ben

  4. #4
    torledo's Avatar
    Join Date
    Oct 2007
    Posts
    2,928
    Thank Post
    168
    Thanked 155 Times in 126 Posts
    Rep Power
    47
    Quote Originally Posted by tonyd View Post
    If you're talking about an SSO for authenticating websites via AD then ISA 2006 might just do the job. As far as I can tell you should not need client licenses for this since you're providing access for your own (internal?) users.
    But i don't think ISA will provide SSO and identity management for *any* or all applications that a school might run...

    infact i don't think Citrix Password Manager would do this. Good thread though, i'd like to know the answer to this as most commerical products that do use modules, metadirectories and XML cost a mint. An open source solution or other reasonable priced product would be useful...

    Or is the answer really to web enable everything and tie it into AD and IIS. Sounds like square pegs and round holes to me.

  5. #5

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,344
    Thank Post
    624
    Thanked 1,584 Times in 1,421 Posts
    Rep Power
    414
    Allthough shibboleth is for web sites so may or may not be what you are after.

    Ben

  6. #6

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,660
    Thank Post
    516
    Thanked 2,443 Times in 1,891 Posts
    Blog Entries
    24
    Rep Power
    831
    Quote Originally Posted by tonyd View Post
    If you're talking about an SSO for authenticating websites via AD then ISA 2006 might just do the job. As far as I can tell you should not need client licenses for this since you're providing access for your own (internal?) users.
    Nope. I'm talking about a system like Citrix SSO - it looks for any login box, regardless of system, and remembers usernames and passwords. So you only have to log in to the system once, and then each application only once.

  7. #7

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,660
    Thank Post
    516
    Thanked 2,443 Times in 1,891 Posts
    Blog Entries
    24
    Rep Power
    831
    So that people know how Citrix works with this, it works with any virtualised application, so it intercepts login boxes and fills them, and submits them.

    Citrix Systems » XenApp Feature Spotlight Single Sign-On

  8. #8

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,660
    Thank Post
    516
    Thanked 2,443 Times in 1,891 Posts
    Blog Entries
    24
    Rep Power
    831
    SIMS.net, FMS, Outlook, then online services include Expo Electro, GLPI, SiX ( somerset intranet), Joomla etc...

    For that lot, if they use all of them, they'd end up with 6 usernames and passwords. Not exactly user friendly.

  9. #9
    stratisphere's Avatar
    Join Date
    Apr 2007
    Posts
    295
    Thank Post
    33
    Thanked 87 Times in 31 Posts
    Rep Power
    30
    While i think SSO is a good way to go... I think we have to be careful. Imagine a member of staff setting a simple password (we all have them types!), some student guesses it and bingo... access to everything that staff can access with one simple password.

    Saying that, all of our sites use LDAP authentication which goes back to our AD. The only thing now which isnt SSO is Sim.Net... which im not that keen on making to be honest.

  10. #10

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,660
    Thank Post
    516
    Thanked 2,443 Times in 1,891 Posts
    Blog Entries
    24
    Rep Power
    831
    Quote Originally Posted by stratisphere View Post
    While i think SSO is a good way to go... I think we have to be careful. Imagine a member of staff setting a simple password (we all have them types!), some student guesses it and bingo... access to everything that staff can access with one simple password.

    Saying that, all of our sites use LDAP authentication which goes back to our AD. The only thing now which isnt SSO is Sim.Net... which im not that keen on making to be honest.
    This should be dealt with via password policies for your system(s).

  11. #11


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339

  12. #12

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,660
    Thank Post
    516
    Thanked 2,443 Times in 1,891 Posts
    Blog Entries
    24
    Rep Power
    831
    Quote Originally Posted by CyberNerd View Post
    Nearly all of them are

    a) linux only
    b) password managers rather than single sign on programs
    c) for individual use rather than school scale (ie. centralised).

    KeePass looks interesting though, as it does deal with dialogs.

  13. #13

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,930
    Thank Post
    1,337
    Thanked 1,781 Times in 1,105 Posts
    Blog Entries
    19
    Rep Power
    594
    Quote Originally Posted by CyberNerd View Post
    +1 to plexer, shibboleth is going to be the way forwards - but they are only keen on LA's signing up as identity providers.
    There are a number of reasons for this ... you can only have one IDp ... it is the master DS and other services hook into it. You cannot have 2 IDps as this causes conflict with Shibboleth. All other connecting services are run as Service Providers (SP).

    RBCs / LAs do tend to have some pet projects for LAN login (still in beta in East Midlands) but yes, it is a move to centralised services and hosted services from 3rd parties.

  14. #14
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,439
    Thank Post
    10
    Thanked 490 Times in 430 Posts
    Rep Power
    111
    Quote Originally Posted by localzuk View Post
    SIMS.net, FMS, Outlook, then online services include Expo Electro, GLPI, SiX ( somerset intranet), Joomla etc...

    For that lot, if they use all of them, they'd end up with 6 usernames and passwords. Not exactly user friendly.
    Sims has some AD features I think, although I've never used it. Im not sure what the possibilities with FMS are now as it's also sql2005 so may be like .net. glpi has AD integration, I use it here.

    I'm not sure I'd see what Citrix does as SSO either, although it may feel the same to the user, it isn't. It's more like the apple keychain than a unified sign on.

  15. #15


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by localzuk View Post
    Nearly all of them are

    a) linux only
    .
    you mean nearly all of them - except the ones like roboform, password safe, keepass which run exclusively on windows and keychain which runs on OSX !! so only 3/7 are linux only ?!

SHARE:
+ Post New Thread
Page 1 of 3 123 LastLast

Similar Threads

  1. [CLOSED] Misc: Plus sign
    By Edu-IT in forum EduGeek.net Site Problems
    Replies: 4
    Last Post: 4th February 2008, 08:46 PM
  2. Moodle Single Sign On with CMS
    By monkeyx in forum Virtual Learning Platforms
    Replies: 0
    Last Post: 26th November 2007, 08:39 AM
  3. ePortal and CC3 Single Sign On
    By budgester in forum MIS Systems
    Replies: 3
    Last Post: 21st June 2007, 10:26 AM
  4. CMIS ePortal Single Sign-on
    By markberry in forum MIS Systems
    Replies: 12
    Last Post: 26th March 2007, 11:27 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •