I have three different web applications(existing applications).
I need to implement SSO for these applications.
I am planning to implement a LDAP server and CAS for SSO.
The three applications have their own user creation and role assignment.(The role creation in all the applications are dynamic).
As a beginner, I have the following questions:
- Should I create the user in the LDAP directory under different organizations when a user is created in any of the three application? How do I add role to the user for each application in this case?
- Is it good to manage the roles and privileges at the independent application itself since the role is dynamic?
You cannot implement SSO with an LDAP bind but with Kerberos. The notion of SSO is that the user signs in only once into his workstation and not over and over again. LDAP bind does not has this notion.