Objectif Sécurité dealt with several SSO solutions during this month. The first one that was audited lets Firefox users protect their web passwords with a one-time master password. We also audited a generic SSO solution based on SecureLogin from ActivIdentity. This is a script-based solution that fills in login forms automatically. Finally, we worked on Kerberos authentication with Active Directory for java servlets in Weblogic and PHP applications in Apache.