KLADROCK

 This is to share the experience of a cool project I completed recently. It is perfect integration to have users login to WordPress site, a web hosting solution, using WHMCS being a Web Hosting Billing & Automation Platform. We have a plan to extend this further to other web hosting solutions in use. For this particular integration we have two requirements. Users in WHMCS should be able to seamlessly login to Wordpress to manage it. If the user authenticated at WHMCS is already present in WordPress link them, else create a new user with the details received from WHMCS. We have the well known standard protocols used for similar scenarios based on SAML 2.0 ( http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html ) and OpenIDConnect 1.0 ( https://openid.net/connect/ ). Based on the future direction, wide usage and availability of plugins we selected OIDC(OpenID Connect) to go forward. There were whole lot of plugins available for us in this journey to select

  This was a very interesting project I did with a customer from Israel. They had already selected Shibboleth as the IDP for the solution, where they wanted to login to SAP Hana Cockpit and provide Single Sign-On with variety of other web applications they have. Main reason behind selection of Shibboleth has been free use being a free and open source software. I did setup an OpenLDAP instance for the user base with an structure selected based on the hierarchy they wanted and integrated it with Shibboleth first. SAP Hana Cockpit platform was new to me, but they had good documentation and with little effort could figure out on SAML based authentication they supported. Then we did the integration with Shibboleth which made the scenario complete as follows. User comes to login to SAP Hana Cockpit platform via it’s link. User is redirected to Shibboleth and provided it’s login screen. (We branded it.) User enters credentials which were validated against the OpenLDAP . (We are to have SMS b

Single Sign on(SSO) is everywhere and provides lot of convenience to users. Let me give you few more examples. Have you noticed that when we are logged into our Gmail account and go to Youtube within the same browser, we are automatically logged into Youtube without any further requests for user credentials or authentication.  In today's cooperate world with COVID-19 impact, employees and partners heavily use cooperate applications such as Zoom, Salesforce, Jira in working from home efforts. Authenticating once and letting them securely use all these cooperate applications in another productive use of Single Sign On. In the Education sector also, COVID-19 impact has made the students and teachers to heavily depend on online tools. At such occasion also Single Sign On integration among these educational applications such as Moodle, Office365, Yammer etc, provide lot of convenience. User convenience is not the only benefit of Single Sign on though. It provides a lot more convenience

With the COVID-19 impact and increase in working from home nature, I have received more and more requests for Single Sign On integrations, specially in the education domain and workforce authentication. I will share the evaluation details of the available vendors we considered and their pros and cons in a separate post. In this post I am share the details of the Single Sign On option provided by AWS. This has been very convenient due to several reasons. If you are thinking of installing an open source single sign on server for the purpose, this avoid all the installation efforts, maintenance etc. without much impact to the cost (of course might differ based on your resources and user base scales) It has a quite a decent set of features.  All the services under one roof. If your system is running on AWS already, this has the added advantage that your team is already familiar with dealing with AWS resources, logging facilities etc are integrated already. Let's jump into the deep wate