from LDAP to Single Signon (sso)
I have installed and am reviewing a number of clients that authenticate against LDAP (DocMgr, Redmine, MediaWiki), each for their specific strengths. I would like to achieve single sign-on, where users authenticate once and can move between the clients without logging into each client, even if the credentials are the same.
What would it take for this to be possible?
I think I would have to (1) modify each client to use some sort of common cookie, or (2) integrate something like JOSSO or OpenSSO into each app.
RE: from LDAP to Single Signon (sso) - Added by Pat Patterson about 10 years ago
I do have something of a bias (disclosure - I am http://blogs.sun.com/superpat/), but I would definitely recommend (2). OpenSSO (and probably JOSSO, too) can be configured to set the REMOTE_USER variable, which many web applications can consume. In fact, you can configure an OpenSSO agent to set any variable with the username or any other attribute.
I just did a quick Google on REMOTE_USER Redmine and came up with http://www.redmine.org/boards/2/topics/show/931 - that shows a way to get Redmine to use external authentication.
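The REMOTE_USER hand-off described in the reply above, sketched as an added example that is not part of the original thread and is not OpenSSO or Redmine code: a Rack-style middleware that accepts the login only from the server-set `REMOTE_USER` variable and discards client-supplied header look-alikes. It assumes the SSO agent runs in the web server in front of the application; `RemoteUserAuth`, `app.user`, the header list and the sample requests are hypothetical and constructed for illustration.

```ruby
# Added example: Rack-style middleware that trusts only the server-set
# REMOTE_USER variable. RemoteUserAuth and "app.user" are hypothetical names.
class RemoteUserAuth
  # Client request headers reach a Rack/CGI app with an HTTP_ prefix, so these
  # keys are client-controlled unless a trusted proxy strips and rewrites them.
  SPOOFABLE = %w[HTTP_REMOTE_USER HTTP_X_REMOTE_USER HTTP_X_FORWARDED_USER].freeze
  VALID_NAME = /\A[A-Za-z0-9._@-]{1,64}\z/

  def initialize(app)
    @app = app
  end

  def call(env)
    env = env.reject { |k, _| SPOOFABLE.include?(k) } # drop header look-alikes
    user = env["REMOTE_USER"].to_s
    unless user.match?(VALID_NAME)
      return [401, { "content-type" => "text/plain" }, ["SSO login required\n"]]
    end
    env["app.user"] = user # the application maps this login to its local account
    @app.call(env)
  end
end

# Constructed demo application: reports the login it was handed.
DEMO_APP = lambda do |env|
  [200, { "content-type" => "text/plain" }, ["hello #{env['app.user']}\n"]]
end

# Constructed sample requests, as the env hash a Rack server would build.
def demo_requests
  {
    agent_authenticated: { "REQUEST_METHOD" => "GET", "REMOTE_USER" => "alice" },
    forged_header_only:  { "REQUEST_METHOD" => "GET", "HTTP_REMOTE_USER" => "admin" },
    no_identity:         { "REQUEST_METHOD" => "GET" },
    odd_characters:      { "REQUEST_METHOD" => "GET", "REMOTE_USER" => "al ice\n" }
  }
end

# Returns the HTTP status each sample request receives from the stack.
def run_demo
  stack = RemoteUserAuth.new(DEMO_APP)
  demo_requests.transform_values { |env| stack.call(env).first }
end

if __FILE__ == $PROGRAM_NAME
  run_demo.each { |name, status| puts "#{name}: #{status}" }
end
```

The same rule applies to any of the three applications: if the agent delivers the username in a request header instead of the CGI variable, the front-end server must strip that header from incoming requests before setting it.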