Hello Friends,

We've discussed SSO before. I would like to re-enhance the conversation with defined requirements, taking into consideration recent new developments.

In the past week I've been doing market research looking for answers to the following key issues:

The project should should be:

Requirements

• SSO solution for web applications.
• Integrates into existing developed products.
• has Policy based password security (Length, Complexity, Duration and co)
• Security Policy can be managed using a web interface.
• Customizable user interface (the password prompt and co. screens).
• Highly available (99.9%)
• Scalable.
• Runs on Red Hat Linux.

Nice to have

• Contains user Groups & Roles.
• Written in Java.
• Free Software (open source) solution.

None of the solutions came up so far are "killer choice" which leads me to think I will be tooling several projects (OWASP, AcegiSecurity + X??) hence this discussion.

We are ISV delivering front-end & backend application suite. The frontend is broken into several modules which should act as autonomous unit, from client point of view he uses the "application" - which leads to this discussion regrading SSO.

I would appreciate people sharing their experience & ideas regarding the appropriete solutions.

Some solutions are interesting

• CAS
• Sun OpenSSO Enterprise
• JBoss Identity IDM
• JOSSO
• Tivoli Access Manager for Enterprise Single Sign-On

Or more generally speaking this list

Thank you, Maxim.