Moving between sites using SAML
I’m tasked with developing an SSO system, and was guided towards using the SAML spec. After some research I think understand the interaction between a Service Provider and an ID Provider and how a user’s identity is confirmed. But what happens when I redirect the user to another Service Provider? How do I ascertain the user’s identity there? Do I send his SAML assertion tokens along with the redirect request? Or does the second Service Provider need to contact the ID Provider all over again?
Securing credentials passed to web service
I’m attempting to design a single sign on system for use in a distributed architecture. Specifically, I must provide a way for a client website (that is, a website on a different domain/server/network) to allow users to register accounts on my central system.
Single sign on if you do not have control of one or more of the client/web apps?
I have a customer who has a client app and when they log in to their client app, they will see a link to my website. When they click on the link, it should log in them in automatically to the website without asking for the credentials. Is this only possible if the username/password are the same between the client app and the website? Also, what if the username/password is not known for the client app? How is this handled? I have heard of technologies such as openId, oAuth, etc, but these don’t seem to fit my scenario where there is an existing client app that already has a membership base and it not needs access to my website.
Single sign on if you do not have control of one or more of the client/web apps?
I have a customer who has a client app and when they log in to their client app, they will see a link to my website. When they click on the link, it should log in them in automatically to the website without asking for the credentials. Is this only possible if the username/password are the same between the client app and the website? Also, what if the username/password is not known for the client app? How is this handled? I have heard of technologies such as openId, oAuth, etc, but these don’t seem to fit my scenario where there is an existing client app that already has a membership base and it not needs access to my website.
Single sign on if you do not have control of one or more of the client/web apps?
I have a customer who has a client app and when they log in to their client app, they will see a link to my website. When they click on the link, it should log in them in automatically to the website without asking for the credentials. Is this only possible if the username/password are the same between the client app and the website? Also, what if the username/password is not known for the client app? How is this handled? I have heard of technologies such as openId, oAuth, etc, but these don’t seem to fit my scenario where there is an existing client app that already has a membership base and it not needs access to my website.
Single sign on if you do not have control of one or more of the client/web apps?
I have a customer who has a client app and when they log in to their client app, they will see a link to my website. When they click on the link, it should log in them in automatically to the website without asking for the credentials. Is this only possible if the username/password are the same between the client app and the website? Also, what if the username/password is not known for the client app? How is this handled? I have heard of technologies such as openId, oAuth, etc, but these don’t seem to fit my scenario where there is an existing client app that already has a membership base and it not needs access to my website.
Single sign on if you do not have control of one or more of the client/web apps?
I have a customer who has a client app and when they log in to their client app, they will see a link to my website. When they click on the link, it should log in them in automatically to the website without asking for the credentials. Is this only possible if the username/password are the same between the client app and the website? Also, what if the username/password is not known for the client app? How is this handled? I have heard of technologies such as openId, oAuth, etc, but these don’t seem to fit my scenario where there is an existing client app that already has a membership base and it not needs access to my website.
Single sign on if you do not have control of one or more of the client/web apps?
I have a customer who has a client app and when they log in to their client app, they will see a link to my website. When they click on the link, it should log in them in automatically to the website without asking for the credentials. Is this only possible if the username/password are the same between the client app and the website? Also, what if the username/password is not known for the client app? How is this handled? I have heard of technologies such as openId, oAuth, etc, but these don’t seem to fit my scenario where there is an existing client app that already has a membership base and it not needs access to my website.
Single sign on across subdomains, questions about a design
Problem Statement:
How can I build a seamless login for multiple sites using OAuth2?
The question is admittedly a bit leading, but what I mean to ask is: