Federated Single Sign-On: How to Make it Work for the Web
For federated single sign-on (SSO) to work on the web, it needs to be brain-dead easy for web developers.
Asking developers to implement OpenID Connect is not the answer for everyone, although with better high-level libraries, this will hopefully become easier. Also, I think it’s widely understood that not all domains will want to rely on external authentication service providers.
While everyone knows passwords suck… responsible for 80% of Internet security breaches… the answer is sometimes just “better authentication.”
The OX open source access management platform lets you use open source software to launch your own IDP that implements the OpenID Connect standard — the same protocol being adopted by Google.
So don’t knock federated login just because you want to hold your own secrets… make sure you align with the standards so web developers won’t have to learn your (probably insecure) proprietary authentication API.
Also, take a look at UMA if you want to go beyond authentication, and use OAuth2 for authorization!
A great tool for developers would be to use an Apache plugin to protect their application. This is the reason Gluu started a Crowdtilt campaign to fund “UMA and OpenID Connect Plugins for Apache.”
We’re nearing the deadline for funding this plugin and any and all contributions are greatly appreciated.