Big Scale IT Integration Questions


|Zach|
10-08-2007, 06:34 PM
Got an interesting question. I am trying to ask it without giving away too many details. My good friend owns a small company in the area. A wellness resource that is sold to employers to pass on to their employees. As it stands now all of their members sign into their website to get to all of their information. Each user having a unique ID and password and all of that. They are on the verge of signing on a huge network in the area. 100k+ people. And this company wants to offer a "single sign on" type experience to their employees. So they would have to be able to get to all of the stuff on my friend's site through their own site with one sign on. The guy that has done all of their programming and back end stuff is good but this is over his head. Where would they even have to start to try and figure out what they will need and what they will need to do to figure this thing out. They know it will take a lot of collaboration from them and the company to make it work but they don't want to go to them and not have any clue how to attack this thing for fear of losing the deal.

Any help in this matter or any more information I could give to help us out is really appreciated folks....pretty big deal to my friend.

Saulbadguy
10-08-2007, 06:42 PM
Hire a consultant.

ferrarispider95
10-08-2007, 06:48 PM
You are going to need to examine their backend first and go from there.

Intranet? Internet?

What type of information does your friend's website provide?

ferrarispider95
10-08-2007, 06:50 PM
It can probably be done, but there is not much people will be able to tell you without knowing all the specifics.

Simplex3
10-08-2007, 06:50 PM
How sensitive is this data? Any cross-site auth mechanism is going to be vulnerable.

|Zach|
10-08-2007, 07:10 PM
> How sensitive is this data? Any cross-site auth mechanism is going to be vulnerable.

From my friend's site to their site? No. The other way? Yes.

|Zach|
10-08-2007, 07:12 PM
> You are going to need to examine their backend first and go from there.
>
> Intranet? Internet?
>
> What type of information does your friend's website provide?

Internet.

It provides health and wellness information.

|Zach|
10-08-2007, 07:15 PM
> Internet.
>
> It provides health and wellness information.

Although, it seems to me what is on my friend's site doesn't really matter. It is basically like having a login to Chiefsplanet.com and wanting to be able to make it so if you logged into chiefsplanet you could also be logging into screwcarlpeterson.com

Saulbadguy
10-08-2007, 07:38 PM
> Although, it seems to me what is on my friend's site doesn't really matter. It is basically like having a login to Chiefsplanet.com and wanting to be able to make it so if you logged into chiefsplanet you could also be logging into screwcarlpeterson.com

LDAP identity vault

Simplex3
10-08-2007, 07:44 PM
We can assume the customer side login is Windows, yes? What is your friend's side? Also Windows or did he use something else? What programming language did he use?

Saulbadguy
10-08-2007, 08:08 PM
Don't use a Linux solution.

KC Jones
10-08-2007, 08:54 PM
It's actually pretty easy to validate a token from an external source or send one out. You can buy a really expensive product from Sun or Microsoft or roll your own. If you roll your own you might want to take a look at SAML. That's what we're using.

http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security

Feel free to PM me if you want. I highly recommend you do this at an abstract level that does not rely upon the client's infrastructure. That way when the next big client comes in wanting SSO you can point them to the standard you're following and the implementation is on them. Our web apps currently handle > 3,000,000 users from 63 client organizations, several of which are accessed via SSO from the clients' web applications.
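
Added example, not part of the post above and not SAML itself: a simplified stand-in for the checks a receiving site makes on a login token sent by a client's site (signature, issuer and audience, short lifetime, one-time use). It swaps SAML's XML signatures and certificates for an HMAC over a shared key, and every name and value in it is a constructed assumption.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed demo values (assumptions); real SAML uses XML signatures and certificates.
KEY = b"constructed-demo-key"
ISSUER, AUDIENCE = "client-portal.example", "wellness-site.example"
MAX_LIFETIME = 120  # seconds

def _sign(body: str, key: bytes) -> str:
    mac = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def issue_token(user_id, now=None, key=KEY, issuer=ISSUER, audience=AUDIENCE):
    """Client side: sign a short-lived statement that user_id has logged in."""
    now = int(time.time()) if now is None else now
    claims = {"iss": issuer, "aud": audience, "sub": user_id,
              "iat": now, "exp": now + MAX_LIFETIME, "jti": secrets.token_hex(16)}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return body + "." + _sign(body, key)

def validate_token(token, seen_ids, now=None, key=KEY):
    """Vendor side: return the user id, or raise ValueError naming the failed check."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 2:
        raise ValueError("malformed token")
    body, sig = parts
    # Verify the signature before parsing anything the sender controls.
    if not hmac.compare_digest(sig.encode(), _sign(body, key).encode()):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["iss"] != ISSUER or claims["aud"] != AUDIENCE:
        raise ValueError("wrong issuer or audience")
    if now >= claims["exp"] or claims["exp"] - claims["iat"] > MAX_LIFETIME:
        raise ValueError("expired")
    if claims["jti"] in seen_ids:  # one-time use: a captured token cannot be replayed
        raise ValueError("replayed")
    seen_ids.add(claims["jti"])
    return claims["sub"]
```

The `seen_ids` set only needs to remember token ids for `MAX_LIFETIME` seconds, since older tokens already fail the expiry check.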

KC Jones
10-08-2007, 08:55 PM
> Don't use a Linux solution.


What does an OS have to do with SSO?