6

first of all, I'm pretty much of a beginner in this area. I'm supposed to find a real Single Sign-On solution for multiple websites (that use shared openLDAP user and pw data) we use inside our company. Meaning: you login one time and are connected to all of the supposed sites and don't have to re-enter the login credentials again and again.

I read a bit into that stuff, finding pretty much information about SSO, different solutions and the combination with openLDAP. Most of what I read tended to -> combine openLDAP with Kerberos. But all I've found for this is pretty advanced stuff and kinda looks like a monster-project.

So my actual questions are: is it the best solution to combine our openLDAP with Kerberos to achieve SSO? Are there other solutions worth mentioning? And of course: WHERE and HOW do I start?

Andreas Spaeth
  • 173
  • 1
  • 3
  • 13
  • It really depends on what kind of applications that will require SSO in your establishment. If your applications are Web applications, you can take a look at CAS [http://en.wikipedia.org/wiki/Central_Authentication_Service] and similar solutions. Kerberos can be used too, but your applications and/or software that require SSO will have to be Kerberos-enabled (i.e., know how to work with it since it's actually a protocol, not a product). OpenLDAP or other directory server software is usually used as the user repository in SSO setups. – Bora Mar 05 '14 at 07:00

1 Answers1

0

Have a look at SAML (Security assertion markup language). https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language

Yuvika
  • 5,624
  • 2
  • 16
  • 21