Understanding SSO

SSO enables the user to authenticate only once to his or her client, so that the user does not have to memorize many user names and passwords for other Web sites, Web services, and server applications. In a portal scenario, portlets are shared between many portals and may communicate with enterprise applications that have identity and authorization security constraints.

As shown in the figure, the portal contains portlets that communicate with Web services, which in turn communicate with back-end databases and enterprise applications. Without SSO, the end user would be required to validate his or her credentials at each step, which is tedious. SSO allows these credentials to be passed along for the whole life cycle of the message, regardless of how many points and nodes lie between the portal and the eventual data source. This concept is usually referred to as deep authentication. The technology enablers for SSO are Kerberos, SSL, SAML and other cryptographic protocols.

As an example of SSO, suppose a user has 10 sets of credentials in an encrypted store, for 10 different applications. The user need not remember all these passwords: a single initial sign-on password is provided that grants access to all of the applications. This is called single-factor authentication and is more prone to brute force than a two-factor authentication system. In a two-factor system, applications 1 through 6 might simply require that the user has successfully logged in to the primary domain (i.e. LDAP), but for the user to log on to applications 7-10 it might additionally check for the presence of a smart card with valid user keys on it. This is an effective technique because the user does not have to deal with back-end infrastructure additions, application modifications, etc., and attackers are unable to effectively brute-force the applications.
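The two ideas above, a credential that travels with the message instead of being re-entered at every hop, and a second factor that unlocks only some applications, can be modelled with a signed SSO token that records the assurance level the user reached. The following is an added example written for this page, not code from the original post or from any of the products it names; the application names, the secret key and the two assurance levels are assumptions chosen to match the 10-application scenario.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key: a real SSO server keeps this in a managed key store.
SECRET = b"constructed-demo-signing-key"

# Assurance level each hypothetical application demands:
# 1 = password sign-on to the primary domain, 2 = password plus smart card.
APP_LEVEL = {f"app{i}": (1 if i <= 6 else 2) for i in range(1, 11)}


def issue_token(user, level, ttl=300):
    """Issue a signed, expiring SSO token carrying the assurance level reached."""
    payload = {"sub": user, "lvl": level, "exp": time.time() + ttl}
    body = base64.urlsafe_b64encode(json.dumps(payload).encode()).decode()
    sig = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def verify_token(token):
    """Return the payload if signature and expiry check out, else None."""
    body, _, sig = token.rpartition(".")
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so a forged signature leaks nothing via timing.
    if not hmac.compare_digest(sig, expected):
        return None
    payload = json.loads(base64.urlsafe_b64decode(body))
    if payload["exp"] < time.time():
        return None
    return payload


def can_access(token, app):
    """Each hop validates the token itself; the user is never prompted again."""
    payload = verify_token(token)
    return payload is not None and payload["lvl"] >= APP_LEVEL[app]


def step_up(token, smart_card_present):
    """Upgrade a level-1 token to level 2 once the smart card has been shown."""
    payload = verify_token(token)
    if payload is None or not smart_card_present:
        return None
    return issue_token(payload["sub"], 2)
```

A password-only token opens app1 through app6; app7 through app10 refuse it until the same session is stepped up with the card, and a token whose signature or expiry fails is rejected at every hop.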

Common implementations of single sign-on are Central Authentication Service (CAS), JOSSO (Open Source Single Sign-On Server), JBoss SSO, Kerberos, myOneLogin (secure single sign-on for the cloud), OpenAM (previously OpenSSO), SAML, Shibboleth, and smart cards (most modern smart cards use the RSA, Triple DES and DSA algorithms).

One Response to “Understanding SSO”

  1. Encryption – A basic understanding « Tech_Pa's Blog Says:

    [...] “Understanding SSO”: Finally the series is concluded by describing what a single-sign on solution means. [...]
