Problem: we have several dozen applications in our environment scattered across dozens of servers. Some applications are protected by / db form-based one-time inputs. Some applications have permissions defined in web.config. Some applications have NTFS permissions set at the folder level (some with domain user accounts, some with local user accounts for external users). Needless to say, this is an absolute mess.
The SSO solution is definitely fine, but should I build it, use an existing FOSS or buy one (and if so, which ones?)
I need to be able
- authenticate once through entering the form and, of course, the login token will be transferred from server to server.
- mixed and matching domain accounts (preferred) and creating db table accounts for external users
- have centralized role / rights management.
- in situations where users authenticate with an AD / domain account, use the same account to allow any application that they use to connect to the database using integrated authentication.
- the portal will be pleasant
If someone provides any direction, I would be very obliged.
source
share