Who's done SSO

aleks · 2012-10-31 09:28:18 UTC

I have a client with Squiz Matrix 4.10 and they're looking at starting another project for implementing an organisational wide sso solution - from scratch!

Their matrix site is going to be the first candidate for this.

My question is, does anyone have any advice that they can provide for integrating a CAS/OpenLdap with matrix? That is for user provisioning and authentication. I know there is SAML functionality in 4.10.3 and 4.12, but we are also looking at other solutions at different layers of the app stack.

Just looking for best practice and any lessons learned - because I'm sure people must have done this before!

aleks · 2012-11-13 14:35:53 UTC

Wow. Noone? :unsure:

nnhubbard · 2012-11-13 16:12:13 UTC

[quote]
Wow. Noone? :unsure:

[/quote]

Maybe it has been done on the government level but those users are not on the forums? Sounds like Squiz staff might have some insight…

LightningMcQueen · 2012-11-26 03:58:15 UTC

Hi Aleks,

Not sure I can be of much help here, but the one problem I have with out LDAP SSO is that it is very slow to load. However, my boss says this is due to the speed of the original source (not Matrix). We use Active Directory as our source which then links into Matrix.

Depending on your need for linking from the LDAP into your various usergroups within Matrix, remember to consider to speed of loading the LDAP folder! Ours can take 15 minutes to load 500 usernames in the LDAP folder (and then wait another 15 minutes to load and view the second overflow list.)

Hope it all works out for you!

Emily.

nnhubbard · 2012-11-26 04:05:25 UTC

[quote]
Depending on your need for linking from the LDAP into your various usergroups within Matrix, remember to consider to speed of loading the LDAP folder! Ours can take 15 minutes to load 500 usernames in the LDAP folder (and then wait another 15 minutes to load and view the second overflow list.)

[/quote]

Wow, there must be something wrong with your AD. We also using Active Directory, and ours loads within a second or two. Even when loading hundreds of users.

LightningMcQueen · 2012-12-03 01:00:47 UTC

My boss says the servers that the AD is stored on are very slow. But we don’t have any control over that - that’s another department unfortunately!
I wish ours loaded the 500-1000 users in a few seconds!! :unsure: