Single Sign On for Windows
miniOrange Single Sign On server provides a solution to authenticate in your application after you authenticate in Windows domain.

miniOrange SSO Server for Windows Single Sign on


miniOrange SSO server allows you to login to your application after you authenticate yourself in Windows domain. This is based on Kerberos single sign on and is based on the same credentials but without the need to type in a password again. miniOrange uses Kerberos v5 authentication for Integrated Windows authentication(IWA). Kerberos is an industry-standard authentication protocol that is used to verify user or host identity. Also Kerberos is the default method of network authentication for services in Windows Server. The following scenarios are supported:

1. Target application is deployed in a Windows environment with Active Directory, but no federation services (ADFS).
2. Target application is deployed in a Windows environment where Active Directory Federation Service is enabled.
3. Target application is deployed in a Linux/Unix environment.

Scenario 1: Target application is deployed in a Windows environment with Active Directory, but no federation services (ADFS).


In this scenario, the Target application is deployed on an IIS Server on a Windows machine. The application is set to use Windows Authentication and this establishes trust between the IIS Server and the Active Directory. Kerberos token is used to login the user into the Target application.


Scenario 2: Target application is deployed in a Windows environment where Active Directory Federation Service is enabled.


In this scenario, Active Directory Federation Service(AD FS) is deployed for federation and sign on into the Target application. AD FS is setup to use Windows Authentication with domain credentials and this establishes trust between AD FS and the Active Directory. Login requests are redirected to AD FS, which uses the Kerberos token to login the user into the Target application.


Scenario 3: Target application is deployed in a Linux/Unix environment


In this scenario, Target Application is deployed over an Apache server on a Linux machine. Trust is established between a Proxy Server and the Active Directory. All requests to the target application are forwarded to the Proxy Server for authentication. Due to the trust between the Proxy Server and the Active Directory, Kerberos Token is passed to the Proxy Server and used to login the user into the Target application.



Business trial for free

If you dont find what you are looking for, please contact us at info@miniorange.com or call us at +1 978 658 9387 to find an answer to your question about Single Sign on or Strong Authentication.