Brief Description
Authentication is a horizontal requirement across multiple applications, platforms, and infrastructures. In general, there's no reason why user Mary should need multiple usernames. Ideally she should only need to identify herself once and then be provided with access to all authorized network resources.
The objective of SSO is to allow users access to all applications from one logon. It provides a unified mechanism to manage the authentication of users and implement business rules determining user access to applications and data.
Generic Functional Requirements
Client:
Simple client integration for multiple platforms, e.g.:
- Apache::AuthCAS
- Java
- JSP Client
- uPortal
- ASP.NET Forms Authentication
- ASP.NET
- ColdFusion
- Perl
- PHP
- Prado
- Python (mod_python)
- Ruby on Rails
- Seraph
- WebObjects
Server:
- Java-based
- Supports application authentication with SSO server
- Support for re-authentication
- Support for Kerberos authentication
- Support for LDAP/database connectors for identity information
- Support for two-factor authentication
Standards Support and Integration Considerations
Key Design Considerations
Technical Solutions
CAS: Central Authentication Service <http://www.jasig.org/cas>
SAML: Shibboleth <http://shibboleth.internet2.edu/>