What could be recommended as a solution for authenticating a software product as a product?
In particular, my product would have customers who would usually have low IT skills, perhaps not even having an IT department in their organization. Anyway, I would like my application to authenticate against their internal directory service (eDirectory, Active Directory, etc.). However, I do not want them to have to open / forward ports (for example, open port 636 so that I can directly connect LDAPS with my directory service).
One of my ideas was to have an application installed on the server within my organization that would be connected to my service. It will be a stable socket. When I need to authenticate a user, I send the credentials via a socket (encrypted) - the application then binds / everything that is needed for authentication in the directory service and responds with OK / FAIL.
What would you suggest? My goal is for the client to essentially install the application on their network with very little configuration or interference.
source
share