Common to all Single Sign-On products that have been out there in the market for the past 10 years, most provide agent-based solutions.
Agent-based solutions have been working like a charm. But they have been a pain operationally.
- Cost of Agent management grows as the deployment grows
- Application owners and developers concerned about time to deploy
- Need to coordinate with application owners for upgrades
These are very true points from our experience deploying multiple large-scale SSO solutions in the past.
One of the workaround is not to deploy agent on every application server. Instead, deploy a Reverse Proxy farm (RP farm). This is a centrally controlled farm with Apache HTTPd server with agents deployed.
Of course, bad points aside, there are benefits to having agent-based solutions.
- Broad application coverage