Geneva “Single Sign On” | Part Two Geneva Series

Have you ever tried single sign on? If not, you might be from Mars… :D (nope, just kidding)

Single Sign On (SSO) is a way to authenticate the user with the same claims across many systems. If you have heard about Live ID, you know you can log in to many systems with it, from the mail system, blog system and commerce system to our beloved geek community site, all through SSO with Live ID. Through Live ID the user only has to remember one user name and password, and he can log in to every system that uses the same SSO module.

Building an SSO module in the past was somewhat challenging: using CAPICOM and certificate-related security, it came with hundreds of thousands of lines of boilerplate code just to create such a module. Microsoft eliminated this effort through the Microsoft Passport SDK, which then evolved into the Live Authentication SDK. But why did such a technology not boom? The answer is simple: it was from, and only for, the Microsoft platform. Forget it if you want to use the Passport SDK on a non-MS platform; you will end up in hospital with typhus and Microsoft won't even pay for your doctor.

Fortunately Microsoft has now built a sophisticated technology for authentication, developed on available standards (SAML, WS-*), called Codename: Geneva. In my previous article I said there are a lot of Geneva features, and one of the cool features is the passive STS model, which works like an SSO module. Although Geneva provides a good wrapper API, you might find it difficult to develop and learn how to create an SSO module in Geneva. This blog will give you a simple walkthrough of how to build an SSO module with the help of an open source starter called StarterSTS. OK, let's get started.

  • Download StarterSTS here. StarterSTS is an open source library and web site starter for creating an STS implementation with Geneva. StarterSTS has the great ability to use the ASP.NET profile database to store the users and their profiles.
  • Optionally you can configure and install StarterSTS by following their screencast (see the link above). In order to make it work, don't forget to use SSL for this site (using OpenSSL on Windows XP or a self-signed certificate in IIS 7).


  • You can create a user either with the ASP.NET Web Administration tool or through the IIS 7 .NET Users feature. Besides users you can add roles like “administrator”, “subscriber” or “approved user”.


  • Another important thing is to add the user profiles; these profiles can be adopted as claims in the Geneva environment.
  • You can add as many user profile properties as you want. These profile properties can be anything that is valuable for your relying party (you can read about relying parties in my first post).


  • After that, in StarterSTS you can add the claims with their schema. You can add as many claims as you like and map each claim to a .NET user profile property.


  • On the relying party site (RP site), in this case a web site that consumes the passive STS, you can choose which claims are used and which are not. This can be done easily with the Geneva tools that can be installed in Visual Studio 2008 (download the latest SDK) or simply by editing the XML config.


  • And that’s it! Whenever your site needs authentication, the RP site will be forwarded to the STS site, just like the SSO module in Live ID. Furthermore, the claims you need can be read in code. For example, if your site uses the NPWP as the username, you can get the username like this.

[screenshot of the claim-reading code was here]
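As an added example (not the post's own code, and not part of StarterSTS), this is how the step above looks in an ASP.NET relying party built on the Geneva Framework (Microsoft.IdentityModel): the RP reads the NPWP claim issued by the STS and uses it as the username, but only when the claim really came from the issuer the RP trusts. The claim type URI and the trusted issuer name are assumptions; use the claim schema and issuer you configured in StarterSTS.

```csharp
// Added example: reading a StarterSTS-issued claim in a Geneva Framework RP.
// Assumption: the STS maps the user's NPWP profile property to a custom
// claim type; the URI below is hypothetical, replace it with your schema's.
using System;
using System.Linq;
using System.Web;
using Microsoft.IdentityModel.Claims;

public static class RpClaims
{
    // Hypothetical claim type; must match the claim defined in StarterSTS.
    public const string NpwpClaimType = "http://schemas.example.org/claims/npwp";

    // Returns the NPWP to use as username, or null when the request is not
    // authenticated or the STS did not send that claim. The caller should
    // treat null as "not signed in" rather than falling back to a default.
    public static string GetNpwpUsername(string trustedIssuer)
    {
        IClaimsPrincipal principal = HttpContext.Current.User as IClaimsPrincipal;
        if (principal == null || !principal.Identity.IsAuthenticated)
            return null;

        IClaimsIdentity identity = (IClaimsIdentity)principal.Identity;

        // Only accept a claim minted by the STS this RP trusts. A claim of the
        // right type from any other issuer is ignored, not used as a username.
        Claim npwp = identity.Claims.FirstOrDefault(c =>
            c.ClaimType == NpwpClaimType &&
            string.Equals(c.Issuer, trustedIssuer, StringComparison.OrdinalIgnoreCase));

        return npwp == null ? null : npwp.Value;
    }

    // Roles from StarterSTS (e.g. "approved user") arrive as role claims and
    // surface through the standard IsInRole check on the principal.
    public static bool IsApprovedUser()
    {
        IClaimsPrincipal principal = HttpContext.Current.User as IClaimsPrincipal;
        return principal != null && principal.IsInRole("approved user");
    }
}

// Usage from a page, e.g. in Page_Load (issuer name is an assumption):
//   string user = RpClaims.GetNpwpUsername("https://sts.example.org/");
//   if (user == null || !RpClaims.IsApprovedUser()) { /* deny access */ }
```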

So that is a preview; sorry, no source code since this framework is still in Beta phase. I will keep you updated when the time comes.

 

Regards,

Ridi
