
Centralized Authentication and Authorization for several Web Services

There are several different web services -- various technologies used, such as Java, .NET, Python, Perl, and possibly more in the future -- belonging to different organizations, and the access to those web services has to be restricted.

The idea is to have a central authentication and authorization server, only responsible for granting access to each WS.

I'm looking for a Single Sign On system in which the user authenticates once with the auth server and is granted access to the web services for a limited timespan.

The security requirements are high, so a username/password set isn't enough.

In a quick search I found many different solutions and approaches to the problem, but I don't know the best one for this case -- a technology-independent, secure and reliable solution.

tsbnunes asked Jul 21 '09 19:07


1 Answer

We did a lot of research on the subject and couldn't find a suitable solution either. (One nearly good solution, though not so much for web services, is http://www.atlassian.com/software/crowd/)

So we also developed an SSO and central user management system for our WS applications (also third-party apps), but it's not for sale.

If you test solutions, you should check the performance of the systems, especially under load. In the beginning our systems were 30 times slower. Normally you'll find the slowdown in the XML parsing and the number of requests you have to make (normally, where you had one request, in the future you'll have at least 4). (We use JMeter to test it.) And you should set up failover systems, because you'll create a single point of failure with SSO.

Beffa answered Nov 15 '22 07:11
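As an added illustration of the scheme the question describes (not code from either poster): once the user has passed strong authentication, the auth server issues a short-lived token bound to one web service, and that service verifies it locally, with no extra request to the auth server. The service names, keys and token layout are assumptions made for this sketch.

```python
import base64, hashlib, hmac, json, time

# Constructed sample keys: one secret per web service, shared only with the
# auth server, so a service in one organization cannot mint tokens for another.
SERVICE_KEYS = {"billing-ws": b"constructed-key-billing",
                "reports-ws": b"constructed-key-reports"}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key: bytes, body: str) -> str:
    return _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())

def issue_token(user, service, ttl=300, now=None):
    """Auth server side: call only after the user has authenticated."""
    now = int(time.time()) if now is None else now
    claims = {"sub": user, "aud": service, "iat": now, "exp": now + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + _mac(SERVICE_KEYS[service], body)

def verify_token(token, service, key, now=None):
    """Web service side: return the claims, or None if the token is rejected."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".")
        # Check the signature before parsing; compare in constant time.
        if not hmac.compare_digest(sig, _mac(key, body)):
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None
    if claims.get("aud") != service:        # token was issued for another service
        return None
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp:   # limited timespan has elapsed
        return None
    return claims
```

Because each service holds only its own key, a token for one service fails verification at every other service, and nothing here depends on the language the service is written in beyond HMAC-SHA256, base64 and JSON.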