Re: WAMP SSO

On September 9, 2012 23:44, Satya Prakash Prasad <satyaprakash.prasad@xxxxxxxxx> wrote:
> I need to implement SSO (Single Sign On) for a tool to be launched for
> people of our organization only.

For true SSO solutions, look at

cosign: http://weblogin.org/
PubCookie: http://pubcookie.org/
CAS: http://www.jasig.org/cas


> The tool should be able to detect
> which intranet user is visiting our site automatically instead of
> promptly asking organization n/w username / password.

All of the SSO solutions I mention above will prompt the user for their username and password, unless the user is already authenticated.

Rhetorically speaking, how would a SSO system "detect" the user's identity? There is nothing in standard web technologies that does this by default -- you would need to set up something for each user that differentiates that user from other users which the users' web browsers will share with your web servers. One choice is a long-lived cookie, but of course you'll have to take into account that this cookie could be stolen or forged, and so you'll still need to perform some sort of strong authentication (usually by prompting the user for a password). Another choice is to use a client-side X.509 certificate for each user. A third choice, if you are in an "enterprise environment" (e.g., all clients use Active Directory) is using SPNEGO. Most SSO solutions do not rely on any of these things being in place, and hence will prompt the user for their username and password.


> I am not sure
> how to implement that both at Apache and back end code side (PHP
> script) - such that a PHP script should be able to detect the 'USER'
> at least.

If you set up any of the solutions listed above -- *except* for the cookie solution -- then Apache HTTP Server will put the identity of the authenticated user into the REMOTE_USER environment variable, which can be accessed in your PHP script with the code $_SERVER['REMOTE_USER']

--
  Mark Montague
  mark@xxxxxxxxxxx
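
The following PHP is an added example, not part of the original message: it reads REMOTE_USER as described in the reply above and fails closed when the request was not authenticated by Apache. The realm EXAMPLE.ORG, the function name authenticated_user and the allowed username character set are assumptions made for illustration.

```php
<?php
// Added example. EXPECTED_REALM is a hypothetical value; replace it with
// the Kerberos realm your SPNEGO setup uses, if any.
const EXPECTED_REALM = 'EXAMPLE.ORG';

/**
 * Return the username Apache authenticated, or null if the request
 * carries no usable identity.
 */
function authenticated_user(array $server): ?string
{
    // REMOTE_USER is set by the server's authentication module.
    // Keys starting with HTTP_ (e.g. HTTP_REMOTE_USER) are built from
    // client request headers and must never be treated as an identity.
    $raw = $server['REMOTE_USER'] ?? '';
    if (!is_string($raw) || $raw === '') {
        return null;
    }

    // SPNEGO/Kerberos modules commonly report "user@REALM".
    // Strip the realm only when it is exactly the one we expect.
    $parts = explode('@', $raw);
    if (count($parts) > 2) {
        return null;
    }
    if (count($parts) === 2) {
        if ($parts[1] !== EXPECTED_REALM) {
            return null;
        }
        $raw = $parts[0];
    }

    // Constrain the character set before the name reaches queries or logs.
    if (!preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', $raw)) {
        return null;
    }
    return $raw;
}

$user = authenticated_user($_SERVER);
if ($user === null) {
    // No identity from Apache: refuse instead of falling back to a guess.
    http_response_code(403);
    exit('Not authenticated');
}
echo 'Hello, ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
```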

