Hacker News new | comments | show | ask | jobs | submit login

Where I work we use something simple like kerberos/basic/digest/custom http header authentication on our apps, and then put Apache with mod_auth_form in front of it (or ISA server).

I even wrote an authentication reverse proxy[1] in java in my spare time, so I can use that to publish my apps, and have SSO across all of them (until BrowserID becomes mainstream that is). This way I centralized the cookie auth problem, and don't need to care about it in every app.

[1]http://p.r0xy.it/




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: