What's the best practice for single sign on at one web server?

Question

We have some apps written in classic ASP, ASP.NET and PHP. They are all in one same web server. We want to transfer between the apps who is currently log in or none, we do not need to transfer everything in the session object. What is the best way?

We need secure and high performance. Thanks.

Answer 1

If you are looking at a secure single-sign-on solution, something like Shibboleth will come to mind. It uses Security Assertional Markup Language (SAML) to perform user authentication and attribute exchange. It works independently of the application language and injects environment variables into the app.