Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Single Sign on


  • Please log in to reply

#1
Hestia

Hestia

    Member

  • Member
  • PipPip
  • 16 posts
Hi,

I work for a company that is thinking of implementing a single sign on system. We've done the research but there are still some grey ares that I hope some one can shed some light on. Reading about on the internet it was that a good disaster recovery design would be needed in case the sign in system crashes, does any one know where I could find examples of a disaster recovery design...besides having a back up server.

Now for the second question.
The password vaults are said to need a high encryption level for it to be secure... does any one know where i could find examples on algorithms and encryptions

:) I desperately hope that some one here knows what I am talking about....looking forward to responses.
  • 0

Advertisements


#2
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
well what are you using to manage the "Single Sign On process" are you linking all the software in question back to LDAP? or a third party method? basically how are you planning on implementing SSO?

for the encryption.....again we'd need to know how you're planning on impleminting the SSO procedure
  • 0

#3
Hestia

Hestia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
The managers are still deciding on the exact method of implementation but they seem interesed in a version that either integrates with the current operating system's (Windows XP) primary log in or one that goes back to LDAP.
  • 0

#4
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
i'd suggest to go with LDAP as it's easier to monkey with.....for LDAP search LDAP AUTH or LDAP encryption
  • 0

#5
Hestia

Hestia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Ah, thank you.. any suggetions for the disaster recovery?
  • 0

#6
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
well...DR is always funky.....for using LDAP for SSO if you have at least 2 DCs (recommended) then you should have fail-over ability for the domain as far as authentication is concerned....of course this means that any systems that require specific LDAP assignments will require a manual change in the event that the primary goes down....then standard backup methodology on both DCs in the event that both keel over
  • 0

#7
Hestia

Hestia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
By DC do you mean data centre, or something else?
  • 0

#8
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
no...Domain controller
  • 0

#9
Hestia

Hestia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Hello again,

I've spoken to my supervisor once again they want more research. :)

Can you reccomend some websites that explain more indepth a form of single sign on that:

Integrates with the current OS (Windows XP )

Where the primary domain credntials serves as the secondary domain credentials.

An SSO system that after the primary logon, all secondary domains are loggoned onto automatically... without the need of the user opening the appilcation.

Thanks for any help you can give me.
  • 0

#10
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
well i think the concept of SSO needs to be defined a little better

without giving away company secrets...what's the EXACT desired outcome...list the "systems" that you're wanting to integrate with SSO etc..
  • 0

#11
Hestia

Hestia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Right now they are still in the proposal stages and aren't really sure what they want to do with it. From speaking to my supervisor they just basically want a something simple that does not require them to remember any passwords (excpet pehaps one or a form of bio authentication) and integrates as smoothly as possible with their current systems.
However they want detailed information on all implementation methods.....

They did not want to tell me what systems they would be used on... since I'm a temporary druge but working here what they would most likely use it on is with a program that monitors customer consumption of...their um...product, accounts, management, permissions, etc. Within the system they're are about five differnt levels of access, that allow only viewing or various editing powers.........

hmmm I wonder if I answered your question at all
  • 0

#12
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
sort of....

don't you love being sent out on a fact finding mission without knowing what you're really looking for?

without actually knowing WHAT systems they are integrating...it's really hard to make suggestions as to what to use or even really give much background info

i think the main issue is that SSO (Single Sign On) is a CONCEPT not a product...SSO denotes the ability to logon once and be authenticated to multiple systems

if this is a windows domain...the cleanest SSO method is already available through LDAP (Lightweight Directory Access Protocol) MOST systems capable of doing true SSO have the ability to do LDAP integration in some shape or form (usually by just doing a direct LDAP lookup and matching the supplied info)......failing LDAP integration there are a multitude of other third party options....but you have to know which of these options your target system (i.e. the thing you're logging on to) supports...and without knowing that...you're up a creek etc...
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP