single-sign-on

问题 I am looking to implement SSO in all my future php/angular applications. I see there are services (Auth0, oauth.io, etc) that are sort of the middle man of an SSO app and there are protocols such as OAuth 1.0/2.0 but in regards to creating a custom SSO solution (using aforementioned OAuth protocols, I assume), I am a little foggy on the complete flow of the process. What I do get: App gets Access Token (optional) App validates Access Token App (with Access Token) gets access to a particular

问题 I keep on facing this question from my manager how SSO will work if client disable cookies but I don't have any answer. We are currently using JOSSO for single sign on. Do we have any open source framework which support single sign on without using cooking mechanism. 回答1: In the absence of cookies, you're going to have to embed some parameter in each url request. e.g. after logging in you assign some arbitrary id to a user and embed that in every link such as http://mydomain.com/main

问题 Apache Shiro is a Java security framework and support SSO. And I have multiple sub-domains, each of which has separate application running. How can I use Apache Shiro web filters(or any other) to provide single sign on. Should I need a SSO server or service (like CAS?) before I use Apache Shiro ? Or Apache Shiro do not need SSO server or service (like CAS) ? Thanks 回答1: I am not Shiro expert, but I will try to help you. According to my understanding Shiro does not provide SSO service out of

问题 I've configured an app on the adfs relying party trusts, so I can login using adfs/sso. After that i'va installed simplesamlphp to deal with that login, and process the response saml. this is my authsources config: 'myauth' => array( 'saml:SP', 'idp' => 'http://domain/adfs/services/trust', 'privatekey' => 'saml.key', 'certificate' => 'saml.crt', ), but after the login, on the return post i get the following error: Exception during login: sspmod_saml_Error: Requester/InvalidNameIDPolicy

问题 We have SAML-based single sign-on (SSO) enabled between our company's Intranet Portal and Box so that the users do not use username and passwords to login to Box.com. They just click on a button on Intranet Portal which posts a SAML assertion to Box.com to authenticate. We would like to provide the ability to our users to search their Box documents directly from the Intranet Portal and the Box.com API looks like a perfect fit. However, it requires OAuth access token. The question is: Is there

问题 Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 5 years ago . What are your recommendations for a basic, centralized identity management/SSO service? It must be open source, have a pluggable identity manager (eg: LDAP, DB, openID, etc.) and provide a decent range of API access options (eg: web services, REST, etc.). It must also be clusterable for high availability. JOSSO?

问题 Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 5 years ago . What are your recommendations for a basic, centralized identity management/SSO service? It must be open source, have a pluggable identity manager (eg: LDAP, DB, openID, etc.) and provide a decent range of API access options (eg: web services, REST, etc.). It must also be clusterable for high availability. JOSSO?

问题 I've implemented SSO using Spring SAML and everything is working fine. It worked with the following IDP's till now: 1) idp.ssocircle.com 2) openidp.feide.no Now I'm testing with salesforce.com as my Identity Provider. As there is no provision to upload Service Provider Metadata I've done the following configuration settings at its IdP: Gave my entityID and Assertion Consumer Service URL. I also uploaded my SP certificate. I've downloaded its metadata (idp metadata) which is as follows (hiding

问题 so our organization is developing some new web apps using asp.net mvc and web api. we decided to not use active directory for authentication/authorization purposes so it looks like asp.net identity with entity framework might work. looking at the database schema i don't see an applications table so we can have one central repository for user credentials and application access. is this where claims come in? how would that look; user -> app -> role -> permissions also, one of our goals is to

问题 Can anyone explain to me what the main differences between SP initiated SSO and IDP initiated SSO are, including which would be the better solution for implementing single sign on in conjunction with ADFS + OpenAM Federation? 回答1: In IDP Init SSO (Unsolicited Web SSO) the Federation process is initiated by the IDP sending an unsolicited SAML Response to the SP. In SP-Init, the SP generates an AuthnRequest that is sent to the IDP as the first step in the Federation process and the IDP then