What are other schools doing to implement password security in SSO environments?
Hi, What we are looking for is a way to, at the Luminis logon, to check password expiration and/or force change if expired. The main issue is we cannot just use the built in Luminis password security because this will not propagate to the other systems.
passwords
Are your Luminis and other systems relying on an EAS (external authentication) or is Luminis LDAP your main form of authentication and other systems are pointing to that LDAP for their authentication?
What forms of SSO do you use? GCF, CAS, home built?
For us, we use pass through authentication for the most part. External systems are reached either with GCF or home built methods, and those external systems trust our apps, so they do not need to be aware of the user/pass information. It is irrelevant to the sso process.
It is typically much easier to maintain sso to applications by trust than by attempting to propagate credentials to every system you sso to.
Authentication with AD and SAF
We have Active Directory as our primary SSO system. We ran into the same problem. What do we do about password control. We decided to go with Sungard's Secure Authentication Framework. We are very happy with it. All of our password control is done using Luminis's password security. Active Directory is synced with the Luminis system so when a person changes their password in Luminis it changes in Active Directory. This also gave us the ability to use the Forgot Password option in Luminis which has really cut down the number of calls we have received.