I’m new to this project, but my organization is not. I just learned today that we’re going to be setting up another instance of DHIS2 in Harare, and we need to do SSO if we’re going to have people logging in with their organizational account.
I have some knowledge in this area, and am probably pretty well equipped to help, if somebody wants to point me in the general direction of the authentication architecture.
FWIW, using LDAP binds to log in is not an option. It’s forbidden, because anybody involved in the implementation can either sniff or dump the password traffic. It’s incredibly dangerous to use LDAP authentication in an organization of more than a few people.