WebSEAL enthousiasts will tell you that this reverse-proxy solution is of top quality and offers customers a great deal of flexibility. On the other hand, they would have to admit that it requires development effort to integrate it with other (stronger) authentication modules than the four authentication modules it ships with.
OpenSSO enthousiasts will tell you that the free OpenSSO product is of top quality and offers customers a great deal of flexibility and authentication modules out-of-the-box. On the other hand, they would have to admit that one has to build its own reverse-proxy solution with it.
If only there was a way to create a synergy between these two market leading products ... Enter the WebSEAL External Authentication Interface (EAI). This WebSEAL feature allows customers to delegate the authentication process to a third party component. Using OpenSSO as the External Authentication component is like a perfect match. OpenSSO supports a vast number of authentication modules right out-of-the-box like Active Directory, SAML, SecurID, InfoCard and even biometric systems, to name a few. Furthermore it can be deployed on a WebSphere application server and last but not least; it's free!
At IS4U, we put this into practice and wrote a whitepaper about it. It's freely accessible. Feel free to distribute our whitepaper to whom it may concern and provide us with feedback.