Gluu Blog


Federated Single Sign-On: How to Make it Work for the Web

Michael Schwartz August 7, 2013

For federated single sign-on (SSO) to work on the web, it needs to be brain-dead easy for web developers.

Asking developers to implement OpenID Connect is not the answer for everyone, although with better high-level libraries, this will hopefully become easier. Also, I think it’s widely understood that not all domains will want to rely on external authentication service providers.

While everyone knows passwords suck… responsible for 80% of Internet security breaches… the answer is sometimes just “better authentication.”

The OX open source access management platform lets you use open source software to launch your own IDP that implements the OpenID Connect standard — the same protocol being adopted by Google.

So don’t knock federated login just because you want to hold your own secrets… make sure you align with the standards so web developers won’t have to learn your (probably insecure) proprietary authentication API.

Also, take a look at UMA if you want to go beyond authentication, and use OAuth2 for authorization!

A great tool for developers would be an Apache plugin that protects their application. This is the reason Gluu started a Crowdtilt campaign to fund “UMA and OpenID Connect Plugins for Apache.”

We’re nearing the deadline for funding this plugin and any and all contributions are greatly appreciated.

Learn more about benefits we’re offering to corporate contributors.


Mike Schwartz

Mike has been an entrepreneur and identity specialist for more than two decades. He is the technical and business visionary behind Gluu. Mike is an application security expert and has been a featured speaker at RSA Conference, Gartner Catalyst, Cloud Identity Summit (now "Identiverse") and many other security conferences around the world.
