Federated single sign on how to make it work for the web
1. Federated Single Sign-On: How to Make It Work for the Web
For federated single sign-on (SSO) to work on the web, it needs to be brain-dead easy for web developers.
Asking developers to implement OpenID Connect is not the answer for everyone, although with better high-level libraries this will hopefully become easier. Also, I think it’s widely understood that not all domains will want to rely on external authentication service providers.
While everyone knows passwords suck (they’re responsible for 80% of Internet security breaches), the answer is sometimes just “better authentication.”
The OX open source access management platform lets you use open source software to launch your own IdP that implements the OpenID Connect standard — the same protocol being adopted by Google.
2. So don’t knock federated login just because you want to hold your own secrets… make sure you align with the standards so web developers won’t have to learn your (probably insecure) proprietary authentication API.
Also, take a look at UMA if you want to go beyond authentication, and use OAuth2 for authorization!
A great tool for developers would be an Apache plugin that protects their application. This is the reason Gluu started a Crowdtilt campaign to fund “UMA and OpenID Connect Plugins for Apache.”
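As an added example (not from the original post, and not code from Gluu or the campaign), this is what “protecting an application with an Apache plugin” looks like in practice, using the mod_auth_openidc module as the concrete OpenID Connect plugin; that choice of module, the hostnames, client ID and paths are assumptions, and the secret and passphrase are placeholders.

```apache
# Added example: Apache handles the OpenID Connect login on behalf of the
# application, so the application only reads verified identity headers.
# Hostnames, client id and paths are assumptions; replace the placeholders.
LoadModule auth_openidc_module modules/mod_auth_openidc.so
LoadModule proxy_module        modules/mod_proxy.so
LoadModule proxy_http_module   modules/mod_proxy_http.so

# Discover the IdP's endpoints and signing keys from its published metadata,
# so the application never has to implement the protocol itself.
OIDCProviderMetadataURL https://idp.example.com/.well-known/openid-configuration
# Assumed client registration at the IdP (placeholder secret).
OIDCClientID     webapp-client
OIDCClientSecret CHANGE-ME-client-secret
# The redirect URI must sit under the protected location and must not
# be a path the application itself serves.
OIDCRedirectURI  https://www.example.com/app/redirect_uri
# Encrypts the session cookie; use a long random string, not this.
OIDCCryptoPassphrase CHANGE-ME-long-random-passphrase
OIDCScope "openid email profile"
# Use the stable subject identifier as REMOTE_USER, not a mutable email.
OIDCRemoteUserClaim sub
# Hand the verified claims to the application as OIDC_CLAIM_* headers.
OIDCPassClaimsAs headers
# Bound the lifetime of a stolen session cookie.
OIDCSessionInactivityTimeout 900
OIDCSessionMaxDuration 3600

<Location /app>
    AuthType openid-connect
    # Any authenticated user; claim-based rules are also possible, e.g.
    # Require claim hd:example.com
    Require valid-user
    # Backend bound to loopback only: it must be unreachable except through
    # this vhost, otherwise the identity headers could be forged directly.
    ProxyPass http://127.0.0.1:8080/app
</Location>
```

The application behind the proxy reads the user from the REMOTE_USER or OIDC_CLAIM_sub header and never sees a password, a token or any OpenID Connect message.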
We’re nearing the deadline for funding this plugin and any and all contributions are greatly appreciated.
Source: http://gluu.jimdo.com/federated-single-sign-on-how-to-make-it-workfor-the-web