Nedu and Decoupled Authentication

For those of you who get tasked with integrating Nedu with various applications, you know that the Nedu side of the integration rarely causes problems. The Nedu API is pretty simple if you’re hitting Nedu from a programming language, and if you’re using RADIUS, the RADIUS Adaptor simply looks like a RADIUS server.

When there are problems, they are generally caused by the differences in the authentication workflow between traditional username/password systems and Nedu. Whilst the intelligentAuthenticate call usually fixes things, it would be nicer if app developers decoupled their authentication processes from their applications.

Just like Google and Salesforce have done. And we love them for it. So much so, that they get Nedu pre-integrated for their customers. Google does this via SAML and Salesforce uses their own web service calls to an identity provider you configure in your company’s Salesforce configuration.

The SAML method is much more elegant, and Google’s implementation is so nice that we should now be able to pre-integrate Nedu with any SAML-capable service very quickly. The Salesforce method is more custom, and without some of the functionality of Nedu, would be slightly frightening (who wants to pass their users’ actual passwords to Salesforce?).

So, we get to the point of the blog entry.

If you are an app developer, particularly a SaaS app developer, please support SAML for authentication at the very least. And if SAML is too daunting (the spec isn’t the way to learn about SAML), something like Salesforce’s SSO API is better than not supporting anything. Doing so decouples your application logic from the process used for authentication. It means that implementing new authentication schemes is trivial. Better than that, it means you can get somebody else to handle the messy business of authentication for you.

In real terms, it means that your customers can do a lot to secure themselves, rather than relying on you to solve their authentication woes, which probably isn’t your core business. That leads to happier customers, more business and fewer problems.

If you do decouple your application processes, let us know. If you can mount a solid case for pre-integrating your app with Nedu, we will seriously consider it. Especially if you use SAML :).
