Friday, July 17, 2009

Studying Single Sign-On approaches for SAP and Microsoft

In todays typical heterogenous enterprise IT environment, an end-user works with multiple IT products and applications which have varying authentication mechanisms. In such situations a well-desired functionality is to have Single Sign-On (SSO) enabled. The last days I (re)did some research into this area.
The concept of SSO has a direct and narrow relationship with Identity Management. At the area of IM several interesting new developments are lately either done or announced. Sun (almost Oracle nowadays) has its OpenSSO Enterprise flagship, Microsoft recently gave indepth insight into it's forthcoming "Geneva" initiative. Both technologies/products are representatives of the so-called Claims-Based Identity model. And the beauty is that both IM technologies conform to the Security Assertion Markup Language (SAML) federation standard as a basis for interoperability and ease of collaboration. In a joint co-operation, Sun and Microsoft have produced a whitepaper that discusses the interoperability possibilities between the 2 Identity Federation approaches, and gives answers on typical questions. Microsoft and Sun also have some working showcases to demonstrate the interoperability.
For the specific area of SSO in an heterogenous SAP / Microsoft IT landscape, the SAP-Microsoft alliance has an excellent overview whitepaper available: Unleash the Power of Single Sign-On with Microsoft and SAP. A sidemark is that this document appeared in september 2007. Later developments as the mentioned OpenSSO and "Geneva" are therefore not included. Still, to my opinion the whitepaper is not outdated, but simple no longer complete. The description and positioning of the included SSO approaches is still valid and useful. And you can easily complement yourself the 2007-temporal overview of SSO alternatives with the new technologies and products.
Tags: SAP NetWeaver Microsoft SharePoint integration interoperability SSO Identity Management IDM IAM SPNego OpenSSO

No comments:

Post a Comment