Your views on Bitcard SSO?

Colin Newell colin.newell at gmail.com
Fri Feb 19 02:56:38 PST 2016


There are applications designed to provide an authentication server
that can be dropped into place.  Keycloak is the one I came across
recently that allows you to provide your own OAuth authentication
server.  It also conveniently has a Docker container image that makes
it very easy to try quickly.  Well, as quickly as you can set up OAuth2
integration....

http://keycloak.jboss.org/
https://registry.hub.docker.com/u/jboss/keycloak/

Note that this still isn't all that simple, but if you wanted to
support OAuth2 from multiple providers but still allow users to sign
up with your own authentication provider if they don't want to use
their external account, a solution using a server like that might be of
use.

As Peter says, there is no single answer, and definitely no simple
answer when it comes to OAuth2 (try to avoid the original OAuth).


Colin.

On 19 February 2016 at 10:38, Peter Edwards <peter at dragonstaff.co.uk> wrote:
> We looked about a year ago at how to do federated identity between a few
> systems. One was C# with a custom (don't ask) version of SAML, one was
> Drupal PHP and the underlying authentication provider was MS Active
> Directory.
> SAML and OAuth2 solve different kinds of problem and present different types
> of difficulty. There are plenty of good decks on slideshare.net that go into
> this.
> Because we were doing a client side Single Page Application which needed the
> authentication then routing of service API calls from REST to a SOAP XML
> backend, it turned out easiest for us to use OAuth2 and do mapping in an
> integration platform on MS Azure to SAML 2.0 to make the different systems work
> together.
> As Tom says, there is no single simple answer. It depends what you're trying
> to do, what components you've already got and who your audience is
> (internal, external) and what application they are using, e.g. is it a
> Chromebook, mobile app, corporate desktop.
> Cheers, Peter
>
> On Fri, 19 Feb 2016 at 10:26 Tom Hukins <tom at eborcom.com> wrote:
>>
>> On Fri, Feb 19, 2016 at 09:43:17AM +0000, Peter Edwards wrote:
>> > I'd suggest using OAuth2 and either running your own provider or
>> > hanging it off Google/MS Live/GitHub depending who your audience is.
>>
>> Everyone I know who has tried to support OAuth2 has found the experience
>> painful.
>>
>> This brief talk shows why people find it confusing:
>> https://www.youtube.com/watch?v=xeGxGnSkSdQ
>>
>> I don't have a good answer to Andy's question unfortunately.  I doubt
>> anyone outside the Perl community uses Bitcard, so it doesn't provide
>> SSO for most people.  If you need SSO, you probably want OAuth, but if
>> you don't, avoid the hassle.
>>
>> Tom
>> _______________________________________________
>> MiltonKeynes-pm mailing list
>> MiltonKeynes-pm at pm.org
>> http://mail.pm.org/mailman/listinfo/miltonkeynes-pm