I am tasked with implementing single sign-on for our customers as part of our next release. The flow exists as follows:
Thus, there are two mechanisms by which a user can be authenticated into our site:
If our product's implementation is in ASP.NET (as opposed to Java/Ruby), should we be using CAS, JOSSO, or some other third party single sign-on product? Or is there something available to a .NET environment which would be simpler for us as a .NET company?
There are multiple options to implement SSO for a .NET application.
Check out the following tutorials online:
Basics of Single Sign on, July 2012
http://www.codeproject.com/Articles/429166/Basics-of-Single-Sign-on-SSO
GaryMcAllisterOnline: ASP.NET MVC 4, ADFS 2.0 and 3rd party STS integration (IdentityServer2), Jan 2013
http://garymcallisteronline.blogspot.com/2013/01/aspnet-mvc-4-adfs-20-and-3rd-party-sts.html
The first one uses ASP.NET Web Forms, while the second one uses ASP.NET MVC4.
If your requirements allow you to use a third-party solution, also consider OpenID. There's an open source library called DotNetOpenAuth.
For further information, read MSDN blog post Integrate OpenAuth/OpenID with your existing ASP.NET application using Universal Providers.
Hope this helps!