We have been asked to implement SSO for n participating web sites.
These n participating sites have the following properties:
- All custom sites on different domains.
- Have their own user accounts stored in their respective databases.
There have been 2 competing ideas presented thus far:
- Custom SSO solution that has its own identity manager app server, running on its own domain, that acts as a traffic cop, telling the requested site if the user requesting the resource is OK and good to go or not.
- Implement the OAuth 2.0 protocol for user authentication across participating sites.
My question is related to bullet point 2. I have used the OAuth protocol in the past whenever we needed to integrate 3rd party apps into our site like Twitter, FB, etc., but never considered the OAuth platform as part of an SSO solution.
I would like to hear from everyone who has implemented SSO about which of the 2 ideas above makes more sense to pursue.
Thanks