I am evaluating SSO solutions and am currently looking at OpenAM and JOSSO2
I am -extremely- new to SSO, OpenAM, JOSSO2 and am just now trying to learn what I need to learn.
My application will need to be able to authenticate users against at least two different identity stores.
- A local Database Store (Oracle, and to begin just a simple user/pass)
- Active Directory (with x.509 two-factor authentication requirement)
There are two classes of users, which would authentication against one or the other (and NEVER both).
It is possible to setup OpenAM or JOSSO2 to be able to handle such a scenario? In a previous job (life) I worked on a system that used JOSSO_1_ to accomplish this, but I am hoping for a more refined approach (e.g. less custom code) to this current product.
Identity stores are different from 'source of authentication' in OpenAM.
OpenAM offers a wide range of different authentication modules and also allows to use JDBC or LDAP as an implementation of a user data store.
Furthermore authentication as well as data store API is extendable, allowing to plug in your specific implementation if needed.