Novell Nsure SecureLogin
$79 per user
Requires no special 'Policy Server' or server software.
Supports SSO only from Windows and Citrix-based workstations.
Provides SSO simply by leveraging the existing directory service, which allows it to operate in the widest range of heterogeneous environments.
SecureLogin provides SSO across all the applications that a corporation might be running – mainframe, web-based, Windows 32-bit and UNIX. It also works with terminal emulators and in Citrix environments, and integrates with two-factor authentication systems based on smartcards, tokens or biometrics.
It leverages existing directory services of IT infrastructure to store credentials securely and works with Microsoft Active Directory, Windows NT Domains, Novell eDirectory, or any LDAP v3 directory service. So it can take advantage of all the fault-tolerant and replication features of such directory services. Central management of users, passwords, policies and permissions is left to existing management tools for directory services.
SSO is achieved from a user's Windows 32-bit desktop and it works by keeping a record of user authentication credentials and instructions on how to use them. It stores these (securely encrypted using triple-DES) in the directory, and it detects login requests, retrieves the appropriate authentication credentials and automatically supplies them to the application.
It also supports session-based passwords automatically and transparently changes every time a user logs onto an application. This method uses a cryptographic key process to authenticate the user to the remote system and, rather than entering the username and password for a user, SecureLogin can effectively take over the authentication process of the application using a shared cryptographic key.
This can be achieved on applications that give programmers interfaces into their products, so that one-time password functionality can be implemented.Encrypted SSO login information is cached locally on the workstation, so even if not logged into the directory service, the local cache files can be used. By caching a user's SSO information (synchronized at each connection), the user can still use SSO for available systems if there is a network failure.