Implementing unified authentication across different directory services

I’m working on a healthcare application that needs to meet CCHIT standards. Right now we handle our own user authentication and password management, but we want to make it more flexible.

Our software runs in different environments. Some clients use UNIX systems for authentication, others have Novell networks, some use Windows Active Directory, and smaller offices don’t have any centralized authentication at all.

I want to create a solution that works everywhere without forcing users to maintain separate login credentials. The goal is to integrate with whatever authentication system the client already has in place.

What options exist for building this kind of unified authentication layer? Are there existing tools that can bridge multiple directory services, or would we need to build our own middleware?

We primarily develop in Delphi and Java, so solutions compatible with these languages would be preferred.

You should definitely consider LDAP! It's super versatile and works well with various directory services. We tested configs using Apache Directory Studio, and it fits both Java and Delphi perfectly. Good luck with your project!

Interesting challenge! Have you checked out SAML or OAuth? What specific CCHIT requirements are you dealing with - audit trails or something else? And what’s your plan when directory services go down?

I’ve dealt with this exact setup in healthcare environments. Go with PAM (Pluggable Authentication Modules) plus a centralized identity management system. You’ll authenticate against multiple backends through one clean interface. For your stack, use Spring Security for Java and implement SSPI (Security Support Provider Interface) for Windows in your Delphi code. This combo works great for cross-platform auth. The big win? You can build authentication adapters for each directory service while keeping a consistent API. Plus it helps with CCHIT compliance - centralized logging and audit trails across all auth methods. I’ve found this way more reliable than forcing everything into LDAP, especially with legacy UNIX systems that don’t have modern directory services set up.
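A sketch of the adapter layer described in the answers above, added here as an example and not code from any of the posts: one `AuthBackend` interface, an LDAP adapter that verifies a password by binding to the directory (plain JDK JNDI, no Spring), and a unified front that tries backends in order, records every outcome in one audit trail and fails closed when a directory is unreachable. The hostnames, DN template and the `audit` list are assumptions standing in for a client's real directory and audit sink.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.InitialDirContext;

// Every backend (LDAP/AD, eDirectory, a PAM bridge, a local store) implements this; the app only calls UnifiedAuthenticator.
interface AuthBackend { String name(); boolean authenticate(String user, char[] pw) throws Exception; }

// Adapter for anything that speaks LDAP: verify the password by binding to the directory as that user.
class LdapBindBackend implements AuthBackend {
    private final String url, dnTemplate; // hypothetical, e.g. "ldaps://dc.example.test" and "uid=%s,ou=people,dc=example,dc=test"
    LdapBindBackend(String url, String dnTemplate) { this.url = url; this.dnTemplate = dnTemplate; }
    public String name() { return "ldap(" + url + ")"; }
    public boolean authenticate(String user, char[] pw) throws NamingException {
        // Reject before touching the network: an empty password is an anonymous bind, which many servers
        // report as success, and characters outside this set could alter the DN the template builds.
        if (pw.length == 0 || !user.matches("[A-Za-z0-9._-]+")) return false;
        Hashtable<String, Object> env = new Hashtable<>(Map.of(
            Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory", Context.PROVIDER_URL, url,
            Context.SECURITY_AUTHENTICATION, "simple", Context.SECURITY_PRINCIPAL, String.format(dnTemplate, user),
            Context.SECURITY_CREDENTIALS, new String(pw)));
        try { new InitialDirContext(env).close(); return true; }
        catch (AuthenticationException e) { return false; } // wrong credentials; any other NamingException = backend unavailable
    }
}

// Tries the configured backends in order and records every outcome in one audit trail, whichever backend decided.
class UnifiedAuthenticator {
    private final List<AuthBackend> backends;
    final List<String> audit = new ArrayList<>(); // stand-in for the real audit sink: who, via which backend, outcome
    UnifiedAuthenticator(List<AuthBackend> backends) { this.backends = backends; }
    Optional<String> login(String user, char[] pw) {
        for (AuthBackend b : backends) {
            try {
                if (b.authenticate(user, pw)) { audit.add("ALLOW " + user + " via " + b.name()); return Optional.of(b.name()); }
                audit.add("DENY " + user + " via " + b.name());
            } catch (Exception e) { audit.add("UNAVAILABLE " + b.name() + " for " + user + ": " + e.getClass().getSimpleName()); }
        }
        return Optional.empty(); // nothing accepted the credentials, or every backend was down: fail closed
    }
    public static void main(String[] args) {
        // Constructed config: a directory at an address nothing listens on, so the "directory down" path runs offline.
        UnifiedAuthenticator auth = new UnifiedAuthenticator(List.of(new LdapBindBackend("ldap://127.0.0.1:1", "uid=%s,dc=example,dc=test")));
        System.out.println(auth.login("dr.jones", "secret".toCharArray())); // Optional.empty; audit gets UNAVAILABLE ...
        System.out.println(auth.login("dr.jones", new char[0]));            // Optional.empty; audit gets DENY (guard, no network call)
        auth.audit.forEach(System.out::println);
    }
}
```

Compile with `javac` and run `java UnifiedAuthenticator`; a simple bind sends the password to the server, so in production the URL should be `ldaps://` (or the connection upgraded with StartTLS), and for Active Directory the principal template is usually the userPrincipalName form rather than a full DN.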