Your views on Bitcard SSO?

Peter Edwards peter at dragonstaff.co.uk
Fri Feb 19 03:10:56 PST 2016


Ah that's quite a nice option Colin :)

A more expensive but simpler way to go if you don't want to roll your own,
is to pay for a service that does that for you. We looked at a few 2 years
ago and one that was okay was PingIdentity
https://www.pingidentity.com/en/products/pingfederate.html

At the time I commented to my colleagues we could set our own stuff up
around ADFS in Azure more cheaply (because of a large educational
discount). It does depend on your situation, user volumes and so on.

Regards, Peter


On Fri, 19 Feb 2016 at 10:56 Colin Newell <colin.newell at gmail.com> wrote:

> There are applications designed to provide an authentication server
> that can be dropped into place.  Keycloak is the one I came across
> recently that allows you to provide your own OAuth authentication
> server.  It also conveniently has a docker container image that makes
> it very easy to try quickly.  Well, as quickly as you can set up OAuth2
> integration....
>
> http://keycloak.jboss.org/
> https://registry.hub.docker.com/u/jboss/keycloak/
>
> Note that this still isn't all that simple, but if you wanted to
> support OAuth2 from multiple providers but still allow users to sign
> up with your own authentication provider if they don't want to use
> their external account a solution using a server like that might be of
> use.
>
> As Peter says, there is no single answer, and definitely no simple
> answer when it comes to OAuth2 (try to avoid the original OAuth).
>
>
> Colin.
>
> On 19 February 2016 at 10:38, Peter Edwards <peter at dragonstaff.co.uk>
> wrote:
> > We looked about a year ago at how to do federated identity between a few
> > systems. One was C# with a custom (don't ask) version of SAML, one was
> > Drupal PHP and the underlying authentication provider was MS Active
> > Directory.
> > SAML and OAuth2 solve different kinds of problem and present different
> > types of difficulty. There are plenty of good decks on slideshare.net that
> > go into this.
> > Because we were doing a client side Single Page Application which needed
> > the authentication then routing of service API calls from REST to a SOAP
> > XML backend, it turned out easiest for us to use OAuth2 and do mapping in
> > an integration platform on MS Azure to SAML 2.0 to make the different
> > systems work together.
> > As Tom says, there is no single simple answer. It depends what you're
> > trying to do, what components you've already got and who your audience is
> > (internal, external) and what application they are using, e.g. is it a
> > Chromebook, mobile app, corporate desktop.
> > Cheers, Peter
> >
> > On Fri, 19 Feb 2016 at 10:26 Tom Hukins <tom at eborcom.com> wrote:
> >>
> >> On Fri, Feb 19, 2016 at 09:43:17AM +0000, Peter Edwards wrote:
> >> > I'd suggest using OAuth2 and either running your own provider or
> >> > hanging it off Google/MS Live/github depending who your audience is.
> >>
> >> Everyone I know who has tried to support OAuth2 has found the experience
> >> painful.
> >>
> >> This brief talk shows why people find it confusing:
> >> https://www.youtube.com/watch?v=xeGxGnSkSdQ
> >>
> >> I don't have a good answer to Andy's question unfortunately.  I doubt
> >> anyone outside the Perl community uses Bitcard, so it doesn't provide
> >> SSO for most people.  If you need SSO, you probably want OAuth, but if
> >> you don't, avoid the hassle.
> >>
> >> Tom
> >> _______________________________________________
> >> MiltonKeynes-pm mailing list
> >> MiltonKeynes-pm at pm.org
> >> http://mail.pm.org/mailman/listinfo/miltonkeynes-pm