WebApp Sec: Re: Web single sign-on

From: Zed A.Shaw <zedshaw_at_zedshaw.com>
Date: Fri, 10 Jan 2003 12:40:48 -0800

Hi Marty,

Not sure if anyone mentioned this before, and it might be too late, but
take a look at uPortal and the CAS system. It provides SSO and is
already integrated into uPortal, but it uses Kerberos so it is pretty
solid already.

http://mis105.mis.udel.edu/ja-sig/uportal/
http://www.yale.edu/tp/cas/

Oh, and it's all free.

Zed

On Monday, December 9, 2002, at 10:11 AM, Marty wrote:

> Hi,
>
> This was posted at Vuln-Dev, maybe it would be interesting to hear from
> your group too.
>
> ---
>
> Thanks
>
> Marty!
>
> ******************************************
>
>
>> Hi group,
>>
>>
>> We have a big discussion going on at one of my clients as we are about
>> to add an Internet portal to several applications. We are looking at
>> implementing a single sign-on (SSO) solution for our web applications.
>>
>>
>> This discussion is as follows:
>>
>> 1- Should we buy an already made up single sign-on solution or build
>> one in house?
>>
>> We've met with the people from Tivoli and Computer Associates
>> already. Other suggestions?
>>
>> 2- What if we go for a temporary in-house solution for next year and
>> get stuck with it as the portal and the number of applications starts
>> growing?
>>
>> My concern here is the potential of risk being blamed by the auditors
>> about an in-house development vs a well known product.
>>
>> The number of users of the portal will grow in the tens of thousands by
>> the end of next year. Robustness of the solution should also be a main
>> factor.
>>
>> The security of the project is taken care of by firewall, access list,
>> DMZ etc.
>>
>> The number of different applications is already up to ten and the
>> portal is not even built yet. The deployment of the applications (all
>> web based) should start as early as March 2003.
>>
>> Pre-requisites: We have to work with the fact that the environment is
>> IBM Websphere servers and the fact that we are already using LDAP for
>> authentication on some applications. No comments on that part please,
>> we have to live with it...
>>
>>
>>
>> ---
>>
>> Thanks!
>>
>> Marty
>>
>> ******************************************
>>
>> Thought of the week: As for the mind, nothing is too great;
>> for kindness, nothing is too small.
>>
>> Martin M Samson
>> Project Manager,
>>
>>
>>
>
>
-----
Zed A. Shaw
http://www.zedshaw.com/
Received on Jan 10 2003
