There is also a CAS module that provides an abstract SSO with some shibboleth support iirc.
Comment by Anonymous
Many thanks for the writeup!
Many thanks for the writeup!
Comment by Manu
awesome, i have added that
awesome, i have added that and simpleSAMLphp to the alternatives page.
Comment by anarcat
Persona: you should take another look at it

Salut Antoine,

Most of the Persona criticism you link to is rather old. In the case of the Stack Exchange one, I took the time to point out flaws in the "accepted answer", but the other article also makes a few flawed assumptions. It's easy to find problems when you compare Persona implicitly to an ideal system that doesn't (and never will) exist, but when you dive deep into those problems, things aren't so simple :)

One thing to point out is that we're not going to get out of the authentication mess with pure HTML solutions. To get a solution that's decent from a privacy and security point of view, we need support from the browser. So yes, Persona as it stands doesn't solve everything that's wrong about authentication on the web (neither does OpenID), but it's only going to improve as native support gets rolled out.

It's intended to be just as decentralized as OpenID, which as you point out, is critical for keeping the web open. We care deeply about that.

Anyways, I think you should take another good look at it :) If you have any questions: (or #identity on You can always email me of course :)


Comment by François Marier