Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [single-sign-on]

Single Sign On is a technology that allows a single login to be transparently used with multiple applications and environments.

Single Sign On (SSO) is a technology that allows the transparent use of a single username and password in multiple security domains. They're commonly used as part of a greater framework which unites otherwise separate systems into a single virtual login domain. SSO systems may be purely web-based, or client-based.

A variety of technologies can be used to build SSO systems.

339 questions
48
votes
4 answers

How does SSO with Active Directory work whereby users are transparently logged in to an intranet web app?

I'm told that it's possible to make a web application that does not require a login. The user logs in to Windows, which authenticates via an Active Directory (LDAP) Lookup. Then, they should be able to go to my webapp and never see a login prompt.…
blak3r
  • 721
  • 1
  • 11
  • 16
28
votes
6 answers

Google Chrome: passthrough Windows authentication

The I.T. dept is considering allowing installation and automated deployment of Google Chrome browser to 100+ desktops. One of the requirements is for domain credentials to be passed through. The desired behaviour is the same as Internet Explorer. An…
p.campbell
  • 4,397
  • 6
  • 40
  • 51
21
votes
5 answers

How practical is it to authenticate a Linux server against AD?

We utilise both Windows and Linux server at our software development company. One of the friction points with this setup is that we don't have a single sign-on solution. Being more of a Microsoft shop than a Linux one we want to authenticate…
Philip Fourie
  • 537
  • 2
  • 6
  • 13
18
votes
3 answers

Using SAML authentication within nginx

I want to restrict access to some static content, served using nginx, using an existing SAML 2.0 IdP. (In Apache, this would be done with a module such as mod_mellon or mod_auth_saml) What is the best way to use SAML authentication for static…
Thaeli
  • 1,186
  • 1
  • 7
  • 11
14
votes
7 answers

Google Apps, AD and SSO

We're a small shop running Google Apps (Enterprise) for our email needs. Love it. Internally, we're using Windows AD (2003). No complaints there either. I'd like to get some method of SSO going between AD and Google Apps such that AD is the only…
Chris_K
  • 3,434
  • 6
  • 41
  • 45
13
votes
4 answers

Can I use Office365 or Azure AD as master record for Active Directory?

We have a small business and currently don't have a need for a domain within our office. We have a basic network and a single server running Windows Server 2008 R2 with some file shares and 3rd party apps. We use Office 365 and have a Windows Azure…
Adrian Hope-Bailie
  • 255
  • 4
  • 8
12
votes
3 answers

Apache mod_auth_kerb and LDAP user groups

I've been considering deploying mod_auth_kerb on our internal web servers to enable SSO. The one obvious problem I can see is that it's an all-or-nothing approach, either all your domain users can access a site or not. Is it possible to combine…
Kamil Kisiel
  • 11,946
  • 7
  • 46
  • 68
11
votes
4 answers

Apache Bad Request "Size of a request header field exceeds server limit" with Kerberos SSO

I'm setting up an SSO for Active Directory users through a website that runs on an Apache (Apache2 on SLES 11.1), and when testing with Firefox it all works fine. But when I try to open the website in Internet Explorer 8 (Windows 7), all I get is…
Aurelin
  • 329
  • 2
  • 4
  • 10
10
votes
7 answers

Can a Linux server serve as a Domain Controller for Windows Machines?

In a small office setup (5-6 employees) we have seven Windows XP and Windows Vista clients, as well as a couple of linux servers. Is it possible to set up a linux machine to act as the domain controller to provide single signon and AD-like…
kdmurray
  • 549
  • 2
  • 8
  • 19
8
votes
3 answers

Can ADFS connect to other SSO services?

I have a .net application that's wired up to my local ADFS server (connected to our corporate AD server) and everything is working fine. My question is, can my ADFS establish a trusted connection to additional SSO services out on the internet like…
RichC
  • 295
  • 1
  • 3
  • 7
8
votes
2 answers

Is single sign on with LDAP still recommended today to integrate a bunch of open source tools?

We are leading an exercise with a public institution to install different open source tools for them to experiment and see what suits them most. Thus, we are installing: a wiki (dokuwiki) mediagoblin gnu social etherpad ethercalc and possibly…
transient_loop
  • 459
  • 1
  • 4
  • 11
8
votes
1 answer

What is the SAML Assertion Consumer URL for an AD FS 2.0 Service Provider

I am configuring a service provider to use SSO authentication. I will be using AD FS 2.0 for this. What is the URL for the SAML Assertion Consumer that I need to give to the IdP? I think it may be something like one of…
Colin
  • 89
  • 1
  • 1
  • 3
7
votes
3 answers

Purpose of the x509 certificate in metadata files on the IdP side (SSO structure)

In order to implement SSO, I have been working with some IdP and a Shibboleth SP install without being able to answer this question. On the IdP side I have a few metadata files that describes some applications. Those files can contain a certificate,…
user72691
  • 171
  • 1
  • 1
  • 4
7
votes
3 answers

Single-Signon options for Exchange 2010

We're working on a project to migrate employee email from Unix/open-source (courier IMAP, exim, squirrelmail, etc) to Exchange 2010, and trying to figure out options for single-signon for Outlook Web Access. So far all the options I've found are…
freiheit
  • 14,334
  • 1
  • 46
  • 69
7
votes
2 answers

SSO solution and centralized user mgmt for about 10-30 Ubuntu machines?

I'm looking for a clean way to centralize user management. The setup: About 10-30 linux machines (Ubuntu 10.04 LTS server) Maybe 10-30 users for now. The requirements (hopes and expectations): A single place for the administrator to manage user…
tuomassalo
  • 738
  • 2
  • 8
  • 22
1
2 3
22 23