Brief Description
Authentication credentials tuned for web SSO can be based on proven SSO technologies such as CAS and Shibboleth which provide support for integration with many authentication credential stores such as a Kerberos KDC, LDAP, etc.
Generic Functional Requirements
- Support for authentication mechanisms used for Web SSO.
- Support non-web-based authentication clients
- Support for credential policies such as complexity, age requirements, etc.
- Support for multi-factor credentials
Standards Support and Integration Considerations
Where possible, avoid non-standard technologies which require specifically integrated vendor components to be deployed.
Key Design Considerations
Technical Solutions
- web SSO technologies such as CAS or Shibboleth, integrated with credential policy controls such as those provided with OpenLDAP
- multi-factor technologies such as OTP tokens integrated with the web SSO technology