Intergration (Single sign-on) What is the best way to pass authorization and authentication information between two web applications.
Intergration (Single sign-on) What is the best way to pass authorization and authentication information between two web applications. One application is on Microsoft Platform in asp and other I don't know it right now.
I would like to get some advice on this matter. Thank you in advance!
Answers (5)
CAS by JASIG.
It does really depend though. There are a number of ways to do SSO (cookie sharing, token passing, database links...), and MS I believe has a solution for a purely MS technology stack. The real issue with Single Sign on is Single Sign Off and session management. If you want to do it right for a large number of apps, CAS is the best that I know of.
Links:
Niall K
Making websites fast, discoverable, and social. Design for browsers, crawlers, and third-party integration.
Best Answers in: Web Development (1)
Take a look at OAuth, a browser-based authentication system loosely based on existing systems at Google, Yahoo, and Microsoft. Website 1 sends a user to an authorization page on Website 2 and receives an access token in response. This access token is added to HTTP requests to receive permissioned access to third-party data.
Links:
Cookies coupled with common credential and session stores is a simple and effective solution if each app is in the same second level domain and lower (MySite.com, Tools.MySite.com, etc).
You can also look at Site Minder which takes care of SSO, depending on where both the web apps are deployed..
If you are looking at pure single signon, in terms across applications if all are going to be on Microsoft platform then, the best recommended solution is making using of Microsoft's Active Directory, to authenticate and pass on the authenticated credentials to the individual applications, and the authorization happens at the application level.
If its on diverse platforms, there are products from CA's Siteminder, EMC's ClearTrust, and Oracle's OblixNeetPoint.
