Return-Path: X-Original-To: apmail-httpd-users-archive@www.apache.org Delivered-To: apmail-httpd-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 069ABDBC0 for ; Tue, 11 Sep 2012 06:17:02 +0000 (UTC) Received: (qmail 53844 invoked by uid 500); 11 Sep 2012 06:16:59 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 53521 invoked by uid 500); 11 Sep 2012 06:16:57 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 53473 invoked by uid 99); 11 Sep 2012 06:16:55 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 11 Sep 2012 06:16:55 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of satyaprakash.prasad@gmail.com designates 209.85.212.45 as permitted sender) Received: from [209.85.212.45] (HELO mail-vb0-f45.google.com) (209.85.212.45) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 11 Sep 2012 06:16:50 +0000 Received: by vbip1 with SMTP id p1so216998vbi.18 for ; Mon, 10 Sep 2012 23:16:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=8nIJDEkmzzZjmCppZTpUtSjMKTXNKvie061IRXmqpOs=; b=bMmxpuVX75ke79WULOxIQ3xrqyTzHmJEyQ5AdQlFXs1ZdO2QDqmBN2UAW3/q5Wo51S wlkTxDeRje2FNVAcLltJXRPmQgmFKvNf7E7jaXfAjX51nMEw/TrOfUhTyocV3GexcSAf cWzCxnzXKMUf9MFZ0pkIYxG1nUJ6VcLFJvBs3gAudcryBOrPY93jaV4IXD54PVPbC656 3KYp68/+cJL18gs2S2vXJTlhPlG6jFvPXFVeHbZZSXEVHjIC8A1pzQvq6QkqOKyr0wQx 2IjL6TK/eH2GSZk9YMaLlE0O2ZBCZB6AG/8qFo+ycCub8sTDiLi1/Ns8d+2l8yLx6g6Y 0Y2Q== MIME-Version: 1.0 Received: by 10.58.247.165 with SMTP id yf5mr25370209vec.50.1347344189824; Mon, 10 Sep 2012 23:16:29 -0700 (PDT) Received: by 10.58.237.104 with HTTP; Mon, 10 Sep 2012 23:16:29 -0700 (PDT) In-Reply-To: <504E00FA.9030807@catseye.org> References: <504DE5FA.6010301@catseye.org> <20120910150329.696bf782@baldur> <504E00FA.9030807@catseye.org> Date: Tue, 11 Sep 2012 11:46:29 +0530 Message-ID: From: Satya Prakash Prasad To: users@httpd.apache.org Content-Type: text/plain; charset=ISO-8859-1 X-Virus-Checked: Checked by ClamAV on apache.org Subject: Re: [users@httpd] WAMP SSO Thanks to all for the information and details as provided. I would try to explore the various options provided in the discussion. Kindly note that I need to implement it on WAMP as mentioned earlier (Windows, Apache, MySQL and PHP). The one option I may request upon is that does Apache itself does not provide modules / mechanism to implement SSO? Thanks in advance. Regards, Prakash On Mon, Sep 10, 2012 at 8:32 PM, Mark Montague wrote: > On September 10, 2012 10:03 , Nick Kew wrote: >>>> >>>> I need to implement SSO (Single Sign On) for a tool to be launched for >>>> people of our organization only. >>> >>> For true SSO solutions, look at >> >> Any strong reason to prefer those to worldwide initiatives >> such as OpenID/OpenAuth? > > > Mostly because I didn't think of them :) But, now that you've asked: > > My understanding is that most of the following features offered by > cosign/PubCookie/CAS are not offered by OpenID/OpenAuth: > * Centralized Single Log Out. > * Per-site forced reauthentication (e.g., when user's IP address > changes, or when they access a particularly sensitive resource) > * Per-site multi-factor authentication (including hardware tokens, X.509 > client certificates, etc.) > * Idle time outs (require reauthentication after, say, 2 hours of no > pages being requested). > * Hard time outs (require reauthentication, say, every 24 hours or every > week, regardless of activity) > * Credential proxying to back-end services (other web servers, IMAP, > LDAP, databases, etc.) > > Regardless of the above, OpenID/OpenAuth may be a fine choice for the > original poster, depending on his requirements, particularly if he sets up > his own OpenID provider rather than using an external provider such as > Google or Yahoo. > > -- > Mark Montague > mark@catseye.org > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org > For additional commands, e-mail: users-help@httpd.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org