Wednesday, August 22, 2007

More on SSO between Sharepoint and Connections

View Comments
Here are the tree options that we came up with, thanks to the help of a co-worker Martin Lansche.

3 options:
1)  SPNEGO (2-4 weeks; most of the effort is having computers join the Active Directory domain)
    Pros:
        Full SSO between the desktop and the web applications.  Only one sign-on to the user's PC and they are logged on to all the web applications!!
        No extra coding (out-of-the-box functionality - in WAS v6.1)
        Bi-directional

    Cons:
        Need all user computers to join the Active Directory domain (will the customer let us?)

2)  HTTP Headers (1-2 week)
    Pros: 
        No need for computers to join a domain

    Cons:
        Needs to go to Sharepoint first
        Needs customization to Sharepoint
        Only works one way:  Sharepoint to WebSphere (users need to sign on to Sharepoint, then go to Connections)
        It's a hack - not secure... not how it would be done in production
   
3)  URL attributes  (1-2 week)
    Pros: 
        No need for computers to join a domain

    Cons:
        Needs to go to Sharepoint first
        Needs customization to Sharepoint
        Needs to develop code on the WAS side (custom TAI adapter)
        Only works one way:  Sharepoint to WebSphere (users need to sign on to Sharepoint, then go to Connections)
        It's a hack - not secure... not how it would be done in production
 
We are currently leaning on option #1.  Stay tuned...
blog comments powered by Disqus