Single Sign on software

**localzuk** · 15th July 2008, 02:22 PM

One of the things I keep getting requests for is a single sign on system, which can integrate any software without needing modules etc... for it.

Now the only packages I've come across that can do this are Citrix Platinum and another like that. The issue always turns up as being cost. We're talking hundreds of pounds per computer.

Does anyone know of either a cheap system that does this or an open source project that is doing this?

Or am I forever doomed to pass messages back that it is and always will be outside our financial reach?

**tonyd** · 15th July 2008, 02:26 PM

If you're talking about an SSO for authenticating websites via AD then ISA 2006 might just do the job. As far as I can tell you should not need client licenses for this since you're providing access for your own (internal?) users. See http://technet.microsoft.com/en-us/l...chNet.10).aspx for details

**plexer** · 15th July 2008, 02:30 PM

Shibboleth is probably what you want Shibboleth®

Do you have examples of software packages you currently have that you want single sign on for?

Ben

**torledo** · 15th July 2008, 02:31 PM

Originally Posted by tonyd

If you're talking about an SSO for authenticating websites via AD then ISA 2006 might just do the job. As far as I can tell you should not need client licenses for this since you're providing access for your own (internal?) users.

But i don't think ISA will provide SSO and identity management for *any* or all applications that a school might run...

infact i don't think Citrix Password Manager would do this. Good thread though, i'd like to know the answer to this as most commerical products that do use modules, metadirectories and XML cost a mint. An open source solution or other reasonable priced product would be useful...

Or is the answer really to web enable everything and tie it into AD and IIS. Sounds like square pegs and round holes to me.

**plexer** · 15th July 2008, 02:31 PM

Allthough shibboleth is for web sites so may or may not be what you are after.

Ben

**localzuk** · 15th July 2008, 02:31 PM

Originally Posted by tonyd

If you're talking about an SSO for authenticating websites via AD then ISA 2006 might just do the job. As far as I can tell you should not need client licenses for this since you're providing access for your own (internal?) users.

Nope. I'm talking about a system like Citrix SSO - it looks for any login box, regardless of system, and remembers usernames and passwords. So you only have to log in to the system once, and then each application only once.

**localzuk** · 15th July 2008, 02:34 PM

So that people know how Citrix works with this, it works with any virtualised application, so it intercepts login boxes and fills them, and submits them.

Citrix Systems » XenApp Feature Spotlight Single Sign-On

**localzuk** · 15th July 2008, 02:36 PM

SIMS.net, FMS, Outlook, then online services include Expo Electro, GLPI, SiX ( somerset intranet), Joomla etc...

For that lot, if they use all of them, they'd end up with 6 usernames and passwords. Not exactly user friendly.

**stratisphere** · 15th July 2008, 02:54 PM

While i think SSO is a good way to go... I think we have to be careful. Imagine a member of staff setting a simple password (we all have them types!), some student guesses it and bingo... access to everything that staff can access with one simple password.

Saying that, all of our sites use LDAP authentication which goes back to our AD. The only thing now which isnt SSO is Sim.Net... which im not that keen on making to be honest.

**localzuk** · 15th July 2008, 03:01 PM

Originally Posted by stratisphere

While i think SSO is a good way to go... I think we have to be careful. Imagine a member of staff setting a simple password (we all have them types!), some student guesses it and bingo... access to everything that staff can access with one simple password.

Saying that, all of our sites use LDAP authentication which goes back to our AD. The only thing now which isnt SSO is Sim.Net... which im not that keen on making to be honest.

This should be dealt with via password policies for your system(s).

**CyberNerd** · 15th July 2008, 03:08 PM

I use kde wallet, but a quick wiki search revealed some more:

KWallet - Wikipedia, the free encyclopedia
GNOME Keyring - Wikipedia, the free encyclopedia
KeePass - Wikipedia, the free encyclopedia
NetworkManager - Wikipedia, the free encyclopedia
Roboform - Wikipedia, the free encyclopedia
Password Safe - Wikipedia, the free encyclopedia
Keychain (Mac OS) - Wikipedia, the free encyclopedia

+1 to plexer, shibboleth is going to be the way forwards - but they are only keen on LA's signing up as identity providers.

**localzuk** · 15th July 2008, 03:14 PM

Originally Posted by CyberNerd

I use kde wallet, but a quick wiki search revealed some more:

KWallet - Wikipedia, the free encyclopedia
GNOME Keyring - Wikipedia, the free encyclopedia
KeePass - Wikipedia, the free encyclopedia
NetworkManager - Wikipedia, the free encyclopedia
Roboform - Wikipedia, the free encyclopedia
Password Safe - Wikipedia, the free encyclopedia
Keychain (Mac OS) - Wikipedia, the free encyclopedia

+1 to plexer, shibboleth is going to be the way forwards - but they are only keen on LA's signing up as identity providers.

Nearly all of them are

a) linux only
b) password managers rather than single sign on programs
c) for individual use rather than school scale (ie. centralised).

KeePass looks interesting though, as it does deal with dialogs.

**GrumbleDook** · 15th July 2008, 03:19 PM

Originally Posted by CyberNerd

+1 to plexer, shibboleth is going to be the way forwards - but they are only keen on LA's signing up as identity providers.

There are a number of reasons for this ... you can only have one IDp ... it is the master DS and other services hook into it. You cannot have 2 IDps as this causes conflict with Shibboleth. All other connecting services are run as Service Providers (SP).

RBCs / LAs do tend to have some pet projects for LAN login (still in beta in East Midlands) but yes, it is a move to centralised services and hosted services from 3rd parties.

**DMcCoy** · 15th July 2008, 03:23 PM

Originally Posted by localzuk

SIMS.net, FMS, Outlook, then online services include Expo Electro, GLPI, SiX ( somerset intranet), Joomla etc...

For that lot, if they use all of them, they'd end up with 6 usernames and passwords. Not exactly user friendly.

Sims has some AD features I think, although I've never used it. Im not sure what the possibilities with FMS are now as it's also sql2005 so may be like .net. glpi has AD integration, I use it here.

I'm not sure I'd see what Citrix does as SSO either, although it may feel the same to the user, it isn't. It's more like the apple keychain than a unified sign on.

**CyberNerd** · 15th July 2008, 03:24 PM

Originally Posted by localzuk

Nearly all of them are

a) linux only
.

you mean nearly all of them - except the ones like roboform, password safe, keepass which run exclusively on windows and keychain which runs on OSX !! so only 3/7 are linux only ?!

LinkBack

Thread Tools

Search Thread

Single Sign on software

ISA 2006?

Similar Threads

[CLOSED] Misc: Plus sign

Moodle Single Sign On with CMS

ePortal and CC3 Single Sign On

CMIS ePortal Single Sign-on

Thread Information

Users Browsing this Thread

Tags for this Thread

Posting Permissions