Simple SSO - using custom authentication - CAS or some OAuth or OpenID server?

I'd like to know more about the different ways of solving Single Sign-On and their pros and cons. If you have worked with one particular solution, tell me what's good about it and what the limitations or suboptimal parts are.

Below are the details of what I'd like to know, or don't understand.

SSO is a huge topic, as listed on Wikipedia. The more I learn, the more questions I have.

First of all, I don't understand the need for the token verification in CAS; what is it good for?

Is it more secure? I guess it's vulnerable to man-in-the-middle attacks like any other. Should clients also use SSL?

Let's get real, this is our need: automatically recognize/sign in the user if they are already logged in at one of our apps.

  • my-php-app.com
  • my-java-app.com
  • my-ruby-app.com

(we have many webapps, written in different languages)

We want (to keep) our own authentication rules and user store, but might add some OAuth2 provider, such as Facebook Connect. We want it dead simple for the users and simple for developers using it.

What would you do?

  • CAS?
  • OpenID? Can I have centralized authentication with it?
  • Other? Or a server with OAuth?

On the client side, would you use an iframe, like lightbox, to show the redirected page? Why/Why not?


Yet another SSO-related question: SAML is often (wrongly?) mixed into the SSO discussions. Do I understand correctly if I say that

a SAML implementation would not provide SSO (autologin) when pointing the browser to www.yetanother-myapp.com?


Some related SO questions I've studied:

Thanks for educating me!

23
asked by Community 23 May 2017 at 12:06
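As an added illustration (not part of the question or of any CAS implementation), a constructed Python sketch of the CAS service-ticket flow the first question asks about: the ticket in the redirect URL is only an opaque handle, and the back-channel validation step (what real CAS exposes as `/serviceValidate`, called server-to-server over HTTPS) is what turns it into an identity the app may trust. `CasServer` and `app_callback` are names assumed for this sketch.

```python
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs


class CasServer:
    """Constructed in-memory stand-in for a CAS server (not real CAS code).

    Service tickets are opaque, bound to one service URL, single-use and
    short-lived, so whatever the browser carries in the URL proves nothing
    until the application validates it on the back channel."""

    def __init__(self, ticket_ttl=10):
        self.ticket_ttl = ticket_ttl
        self._tickets = {}  # ticket -> (username, service, issued_at)

    def login(self, username, service):
        """User already has an SSO session: mint a ticket for this service
        and return the URL the browser is redirected back to."""
        ticket = "ST-" + secrets.token_urlsafe(24)
        self._tickets[ticket] = (username, service, time.time())
        return service + "?" + urlencode({"ticket": ticket})

    def service_validate(self, service, ticket):
        """Back-channel check the app performs once the browser shows up
        with a ticket. Returns the username, or None on any failure."""
        entry = self._tickets.pop(ticket, None)  # pop: validates exactly once
        if entry is None:
            return None  # unknown, forged, or already-used ticket
        username, bound_service, issued_at = entry
        if bound_service != service:
            return None  # ticket was minted for a different application
        if time.time() - issued_at > self.ticket_ttl:
            return None  # too old; user must go through the login URL again
        return username


def app_callback(cas, own_url, redirected_url):
    """What one of the apps does on its callback URL: it never trusts a
    username in the URL, only the result of validating the ticket."""
    query = parse_qs(urlparse(redirected_url).query)
    ticket = query.get("ticket", [None])[0]
    if ticket is None:
        return None
    return cas.service_validate(own_url, ticket)
```

The same ticket cannot be replayed, a ticket issued for one app is rejected by another, and a made-up ticket string never yields a user; those three properties are the point of the verification round-trip.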