31 October 2007

Alternative Solutions for Single Sign On?

Does anyone have any ideas on how to accomplish an easy single sign on (SSO) setup?

A little background: SendAlong is built using a sort of spoke and hub architecture – there’s one main server (the hub) and several secondary servers (the spokes). It’s worth mentioning that the secondary servers are far away from the database, so database access is slow, and therefore needs to be minimized and optimized like hell.

When a login occurs on the hub, the user will eventually spend some time on one of the spoke servers during the same session. Instead of the spoke prompting the user to log in again, the user’s credentials should be carried over to the spoke transparently (thus the SSO).

Any ideas on how to do this (easily)? SendAlong uses Acegi (Spring Security) for security, and right now I’m investigating CAS for SSO. CAS and Acegi seemingly integrate very nicely, although there’s a LOT of configuration required to make it happen. I’d be happier with a less complex, more limited in scope solution that I actually *understand*. That said, security is tough. No, security is really, really tough. So perhaps a simple solution isn’t in the cards.

All that to say – anyone have any ideas?
