
My team is developing a Common Authentication-SSO (CASSO) application to be used within a corporate LAN. Any web application under the company's domain needs to authenticate the user through this CASSO before the user can access the application. Currently the older version has implemented Basic/Digest and NTLM. However, to improve security we are considering adding Kerberos to the CASSO.

What authentication and security models/protocols should be followed? Secondly, should Kerberos be implemented alongside NTLM, Basic and Digest, or is it fine to have only Kerberos and NTLM?

user1737755

1 Answer


I know it may look like a dumb answer, but have you considered CAS? It does exactly what you're trying to achieve :)

Here is a link.

I've used it for implementing Kerberos-based authentication for our web applications, and it was wonderful.

Mark Bramnik
  • Thanks Mark, but this is supposed to be an in-house development, and I guess what you suggested is a third-party tool that needs to be customized. – user1737755 Oct 11 '12 at 11:44
  • Sure, we were in the same boat, having some custom implementations. In general Java supports Kerberos-based authentication, but our implementation was very messy, so we migrated relatively easily. At the lowest level our custom code used JGSS, I guess (it was a lot of years ago). And regarding your question, I guess it's up to the customers' requests what to implement. All of the mentioned methods are intended for authentication, with different strengths. – Mark Bramnik Oct 11 '12 at 11:47
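As an added illustration (not code from the question, the answer, or the CAS project), here is what the "lowest level" JGSS path mentioned in the comments looks like on the server side: a servlet filter that accepts a SPNEGO/Kerberos token from the browser's `Authorization: Negotiate` header and records the authenticated principal in the session. The JAAS entry name `CassoService`, the keytab path and the service principal `HTTP/casso.corp.example@CORP.EXAMPLE` are assumptions; a real deployment needs a KDC, a keytab for the `HTTP/<host>` SPN and the servlet API on the classpath, so this does not run stand-alone.

```java
import java.io.IOException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Base64;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;

/**
 * HTTP Negotiate (SPNEGO wrapping Kerberos) acceptor built on JGSS.
 * Assumed JAAS entry (hypothetical names) in the login configuration:
 *
 *   CassoService {
 *     com.sun.security.auth.module.Krb5LoginModule required
 *       useKeyTab=true storeKey=true isInitiator=false
 *       keyTab="/etc/casso/http.keytab"
 *       principal="HTTP/casso.corp.example@CORP.EXAMPLE";
 *   };
 */
public class SpnegoAuthFilter implements Filter {
    private static final String NEGOTIATE = "Negotiate";
    private static final String SESSION_PRINCIPAL = "casso.principal";
    private static final Oid SPNEGO_OID = oid("1.3.6.1.5.5.2");

    private Subject serviceSubject;  // carries the service key loaded from the keytab

    private static Oid oid(String dotted) {
        try { return new Oid(dotted); } catch (GSSException e) { throw new IllegalStateException(e); }
    }

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        try {
            LoginContext lc = new LoginContext("CassoService");  // assumed JAAS entry
            lc.login();
            serviceSubject = lc.getSubject();
        } catch (LoginException e) {
            throw new ServletException("service keytab login failed", e);
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest r = (HttpServletRequest) req;
        HttpServletResponse w = (HttpServletResponse) res;

        if (r.getSession().getAttribute(SESSION_PRINCIPAL) != null) {
            chain.doFilter(req, res);  // already authenticated in this session
            return;
        }
        String auth = r.getHeader("Authorization");
        if (auth == null || !auth.startsWith(NEGOTIATE + " ")) {
            challenge(w, null);  // first round: ask the browser for a SPNEGO token
            return;
        }
        byte[] inToken = Base64.getDecoder().decode(auth.substring(NEGOTIATE.length() + 1).trim());
        try {
            // acceptSecContext must run as the service Subject so JGSS can find the keytab key
            String principal = Subject.doAs(serviceSubject,
                    (PrivilegedExceptionAction<String>) () -> accept(inToken, w));
            if (principal == null) {
                return;  // context not established; the response already carries a 401
            }
            r.getSession().setAttribute(SESSION_PRINCIPAL, principal);  // e.g. alice@CORP.EXAMPLE
            chain.doFilter(req, res);
        } catch (PrivilegedActionException e) {
            // GSSException: forged or expired ticket, wrong SPN, clock skew, or an NTLM blob
            // inside the Negotiate header (the JDK's SPNEGO acceptor only supports Kerberos).
            challenge(w, null);
        }
    }

    /** Runs under the service Subject; returns the client principal, or null if not established. */
    private static String accept(byte[] inToken, HttpServletResponse w) throws GSSException {
        GSSManager mgr = GSSManager.getInstance();
        GSSCredential cred = mgr.createCredential(null, GSSCredential.INDEFINITE_LIFETIME,
                SPNEGO_OID, GSSCredential.ACCEPT_ONLY);
        GSSContext ctx = mgr.createContext(cred);
        try {
            byte[] outToken = ctx.acceptSecContext(inToken, 0, inToken.length);
            if (!ctx.isEstablished()) {
                challenge(w, outToken);  // another round needed; Kerberos normally finishes in one
                return null;
            }
            if (outToken != null && outToken.length > 0) {  // mutual-auth reply, sent with the 200
                w.setHeader("WWW-Authenticate", NEGOTIATE + " " + Base64.getEncoder().encodeToString(outToken));
            }
            return ctx.getSrcName().toString();
        } finally {
            ctx.dispose();
        }
    }

    private static void challenge(HttpServletResponse w, byte[] token) {
        String value = (token == null || token.length == 0)
                ? NEGOTIATE : NEGOTIATE + " " + Base64.getEncoder().encodeToString(token);
        w.setHeader("WWW-Authenticate", value);
        w.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }

    @Override
    public void destroy() { }
}
```

One point this makes concrete for the "Kerberos plus NTLM?" part of the question: a domain-joined browser that cannot obtain a service ticket (wrong SPN, user off the domain, clock skew) will often send an NTLM blob inside the same `Negotiate` header. The JDK's SPNEGO acceptor does not implement NTLM, so that request surfaces as a `GSSException` and the filter simply re-challenges; any NTLM, Basic or Digest fallback therefore has to be a separate, deliberately chosen path in the CASSO, and Basic should only ever be offered over TLS.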