SharePoint 2007 Authentication and SSO

Q: Does WSS v3 support authentication using non-Active Directory directory sources or is MOSS required?  I received this question based on a previous blog.  The specific customer is using a Sun 1 LDAP store for a SharePoint 2007 extranet scenario.

This is a really good question because the devil is in the details, as they say.  WSS v3 is SharePoint's foundation, and since it is integrated with ASP.NET v2 it can use ASP.NET's authentication provider model.  Therefore, both WSS v3 and MOSS support pluggable authentication.  The key difference is that MOSS provides an out-of-the-box (OOTB) LDAP provider and WSS v3 does not.  So for a WSS v3-only scenario, you would have to develop your own provider.

Q: Does MOSS's authentication extensibility include pluggable SSO providers?  Of course, but this is a much tougher road.  I have 2 customers looking at 3rd party SSO and SharePoint.  For those interested in creating a custom SSO, you can check out this article:

Walkthrough: Implementing a Pluggable SSO Provider

Keep in mind that this is NOT a Web SSO.  This is a service for storage and mapping of credentials for use in connecting currently authenticated users with another system.

Q: How do I integrate SharePoint with a WebSSO provider?  There is an excellent blog by Daniel discussing the integration of ASP.NET and SiteMinder.  Daniel mentions that this was not that tough and "the only thing that must be done (beside the installation and configuration of the Web Agent, Policy Server, etc, of course) is to extract the SiteMinder HTTP headers from the Web request and construct a GenericPrincipal object which holds the identity of the authenticated user"... easy for him to say.  This is definitely worth the read but not for the faint of heart.  To extend this to SharePoint, I'm guessing you would need to write an ASP.NET HttpModule to intercept the request, redirect the user to the WebSSO login server, manage the session cookie, and set the user identity for SharePoint to consume.  A pretty tall order.  I have not done this yet but it's on the horizon.  Let me know if you have ventured down this road.
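
As an added illustration (not code from Daniel's blog, SiteMinder, or SharePoint), here is a sketch of only the header-to-principal step quoted above, written as an ASP.NET 2.0 HttpModule; the redirect and session cookie handling are not covered. The class name `WebSsoHeaderModule`, the use of the `SM_USER` header, and the validation limits are assumptions. The header is trustworthy only if every request reaches the server through the web agent and the agent discards any client-supplied copy of it; otherwise anyone who can reach the server directly can claim any identity.

```csharp
using System;
using System.Security.Principal;
using System.Threading;
using System.Web;

// Hypothetical module name; registered under <httpModules> in web.config.
public sealed class WebSsoHeaderModule : IHttpModule
{
    // Assumption: the web agent publishes the authenticated user name here.
    private const string UserHeader = "SM_USER";
    private const int MaxUserNameLength = 256; // illustrative limit

    public void Init(HttpApplication app)
    {
        app.AuthenticateRequest += new EventHandler(OnAuthenticateRequest);
    }

    private static void OnAuthenticateRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        string user = ctx.Request.Headers[UserHeader];

        // Fail closed: a missing or malformed header leaves the request
        // anonymous, so the site's authorization rules deny access.
        if (!IsPlausibleUserName(user))
        {
            return;
        }

        GenericIdentity identity = new GenericIdentity(user.Trim(), "WebSSO");
        // No roles are mapped here; role lookup is a separate concern.
        GenericPrincipal principal = new GenericPrincipal(identity, new string[0]);
        ctx.User = principal;
        Thread.CurrentPrincipal = principal;
    }

    private static bool IsPlausibleUserName(string value)
    {
        if (value == null || value.Trim().Length == 0) return false;
        if (value.Length > MaxUserNameLength) return false;
        foreach (char c in value)
        {
            // Reject control characters and commas (a comma can indicate
            // several header values merged into one string).
            if (char.IsControl(c) || c == ',') return false;
        }
        return true;
    }

    public void Dispose() { }
}
```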

Keep the questions coming...

</steve>