3 Jun
2008
3 Jun
'08
7:45 p.m.
Hi guys,
I'm currently evaluating possible frameworks to use for my Single Sign On
project (SSO).
ESOE [1] and OpenSSO [2] both very promising, but both have their pros and
cons. I didn't have a detailed look at JOSSO [3] yet.
ESOE is licensed under the Apache 2.0 license, supports Shibboleth and
OpenID (don't know yet which versions) and has authentication support for
LDAP, Active Directory, and many more (comming). It also has support for
multi-factor authentication. The downside of ESOE is that there isn't yet
any final version available. It also can't act as a OpenID identity provider
(OP) and needs an Apache module or IIS filter to act as an SAML provider.
OpenSSO on the other hand has full SAML 2.0 support, but lacks a bit
regarding OpenID which isn't supported by default. There is an extension
which allows OpenSSO to act as a OpenID 1.1 OP, but doesn't have RP support.
OpenID is licensed under Sun's Common Development and Distribution License
(CDDL).
So the next thing I'll do is to dig into JOSSO [3]. Do you know any other
framework which I should consider?
Regards,
Markus
--
[1] http://esoeproject.org
[2] http://opensso.dev.java.net
[3] http://www.josso.org