Single Sign On – The Basics
Ishan A B Ambanwela
Contents
● What is SSO
● Not to be Confused with
● Pros & Cons
● SSO Approaches – By Configuration
● Types of SSO
– Legacy SSO
– Password Synchronization
– Software Token Based Authentication
● Browser Session
● PC Login session
– Mobile SSO
● Q&A
What is SSO
● Single sign-on gives a user access to more than one protected
resource (web pages and applications) after a single
authentication; the user is not asked for credentials again by
each resource.
Not to be Confused with...
● Authentication vs Authorization
● Shared authentication schemes
– OAuth
● Strictly a delegated-authorization protocol; it does not
authenticate the user by itself
– OpenID / OpenID Connect
● OpenID Connect adds the identity (authentication) layer on
top of OAuth 2.0
– Facebook Connect
● Single Sign Out
– Ending the SSO session does not automatically end the
sessions each application has already created
Pros & Cons
● Pros
– Reduced operational cost
– Reduced time to access data
– Improved user experience
– Eases the burden on developers
– Centralized management of users
– Fine-grained auditing
– Effective compliance
– Advanced authentication can be added once for all systems
● Smart cards, one-time password tokens
● Cons
– Impractical where resources need different levels of access
assurance
– Increases the damage when credentials are exposed: one
credential now opens every connected system
– Makes the authentication system highly critical (a single
point of failure and a prime target)
– Complex logic with many pitfalls
– Should be combined with strong authentication methods
● Smart cards, one-time password tokens
SSO Approaches – By Configuration
● Smart card based
● Kerberos based
● SAML (Security Assertion Markup Language)
● Integrated Windows Authentication
– An umbrella term for
● SPNEGO, Kerberos, and NTLMSSP
Types of SSO
● Legacy SSO
● Password synchronization
● Software Token Based Authentication
Legacy SSO
● aka Enterprise or Employee SSO (eSSO)
● After the primary authentication, it intercepts further login
prompts and fills them in for the user
● Accomplished using
– A script
● Which launches the real application with the stored
credentials
– A background service
● Which watches for login prompts and passes the credentials
● The target applications are unchanged and still receive a
password, so the credential store behind the SSO tool must be
protected as carefully as the passwords themselves
● Products/Implementations
– Citrix Password Manager, Imprivata eSSO appliance, PassLogix,
Novell's Secure Login
Password Synchronization
● A process that keeps the password the same across multiple
computers, devices and/or applications
● Each computer, device or application still authenticates the
user itself; only the password is propagated behind the scenes
● Not true SSO: the user is still prompted by each system, and a
single compromised password opens all of them
● Products/Implementations
– MTech's P-Synch, Proginet's SecurPass, Systor's SAM Password
Synchronization
Software Token Based
Authentication
● The user enters a username and password once in order to
obtain a token
● The token, which grants access to a specific resource for a
limited time, is then presented to the remote site instead of
the credentials
● Implementations differ mainly in how the token is
cryptographically protected (signed or encrypted) and validated
● Usually associated with a session
– Web SSO - browser session
– Other SSO - PC login session
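The token exchange described above, as an added example that is not part of the original slides: the issuer checks the password once and mints an HMAC-signed token carrying the user, the resource it is valid for and an expiry; the resource verifies the signature, the expiry and the resource binding without ever seeing the password. The user store, the shared TOKEN_KEY and the token layout are assumptions made for this illustration.

```python
"""Added example (not from the original slides): a minimal software-token scheme.
The user authenticates once with a password to an issuer and receives a signed
token bound to one resource and an expiry; the resource accepts the token
instead of the password. The user store, TOKEN_KEY and the token layout are
constructed for this illustration."""
import base64
import hashlib
import hmac
import json
import time

# Constructed user store holding salted PBKDF2 hashes, never plaintext passwords.
def _hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_SALT = b"constructed-salt"
USERS = {"alice": (_SALT, _hash_pw("correct horse", _SALT))}

# Key shared by the token issuer and every resource that accepts its tokens.
TOKEN_KEY = b"constructed-32-byte-secret-key-0"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(username, password, resource, ttl=300, now=None):
    """Primary authentication: verify the password once, then mint a token that
    names the user, the resource it is valid for and its expiry (Unix time)."""
    now = time.time() if now is None else now
    record = USERS.get(username)
    if record is None:
        return None
    salt, expected = record
    if not hmac.compare_digest(_hash_pw(password, salt), expected):
        return None
    claims = {"sub": username, "aud": resource, "exp": int(now) + ttl}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    tag = hmac.new(TOKEN_KEY, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(tag)}"

def validate_token(token, resource, now=None):
    """At the resource: check the signature before trusting any claim, then the
    expiry, then that the token was issued for this resource. Returns the
    username on success and None on any failure."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".", 1)
        presented = _unb64(sig)
    except ValueError:                # malformed token or bad base64
        return None
    expected = hmac.new(TOKEN_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(presented, expected):
        return None                   # tampered or forged
    claims = json.loads(_unb64(body))
    if claims["exp"] <= now:
        return None                   # expired: the user must re-authenticate
    if claims["aud"] != resource:
        return None                   # token replayed against another resource
    return claims["sub"]

if __name__ == "__main__":
    t0 = 1_700_000_000
    tok = issue_token("alice", "correct horse", "mail", now=t0)
    print(validate_token(tok, "mail", now=t0 + 60))       # alice
    print(validate_token(tok, "wiki", now=t0 + 60))       # None: wrong resource
    print(validate_token(tok, "mail", now=t0 + 600))      # None: expired
    print(validate_token("f" + tok[1:], "mail", now=t0))  # None: tampered
```

The order of checks matters: the signature is verified before any claim is parsed, so a forged body never influences the outcome, and the resource binding (`aud`) is what stops a token captured at one site from being replayed at another.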
Web SSO
● Works for browser-based applications
● Cookie support is required
– Because the token is kept in a cookie
● A cookie is sent only to the host or domain that set it, so plain
cookie-based SSO covers applications deployed under a single web
server (domain); redirect-based protocols extend it across
domains by keeping the SSO cookie on the SSO server and handing
each application a short-lived ticket
● Implementations
– Jasig CAS
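The redirect-and-ticket flow described above, simulated in-process as an added example (not code from the original slides or from the CAS project): the SSO cookie is set only on the CAS host, each application receives a one-time ticket bound to its own service URL through a browser redirect, and validates it over a back channel. Host names, ticket formats, the password store and the cookie names are assumptions for this illustration and follow the CAS protocol only in outline.

```python
"""Added example (not from the original slides): a CAS-style web SSO flow
simulated in-process. The SSO cookie lives only on the CAS server's host; each
application gets a one-time, service-bound ticket through a browser redirect and
validates it over a back channel. Host names, ticket formats and the password
store are constructed for this illustration."""
import secrets

CAS_HOST = "sso.example.org"
USERS = {"alice": "correct horse"}   # constructed; a real CAS delegates to LDAP etc.

class Browser:
    """Cookie jar keyed by host, plus a count of password prompts the user saw."""
    def __init__(self):
        self.cookies, self.password_prompts = {}, 0

    def cookie(self, host, name):
        return self.cookies.get(host, {}).get(name)

    def set_cookie(self, host, name, value):
        self.cookies.setdefault(host, {})[name] = value

class CasServer:
    def __init__(self):
        self.tgts = {}   # CASTGC cookie value -> username (the SSO session)
        self.sts = {}    # service ticket -> (username, service); single use

    def login(self, browser, service, credentials=None):
        """GET /login?service=...: reuse the SSO cookie if it is valid, otherwise
        demand a password. Returns the redirect URL carrying a service ticket."""
        tgc = browser.cookie(CAS_HOST, "CASTGC")
        user = self.tgts.get(tgc)
        if user is None:
            browser.password_prompts += 1
            if credentials is None or USERS.get(credentials[0]) != credentials[1]:
                return None
            user, tgc = credentials[0], "TGC-" + secrets.token_urlsafe(24)
            self.tgts[tgc] = user
            browser.set_cookie(CAS_HOST, "CASTGC", tgc)
        st = "ST-" + secrets.token_urlsafe(24)
        self.sts[st] = (user, service)
        return f"{service}?ticket={st}"

    def service_validate(self, service, ticket):
        """Back-channel /serviceValidate: the ticket must exist, be unused and
        have been issued for exactly this service. pop() consumes it either way."""
        entry = self.sts.pop(ticket, None)
        if entry is None or entry[1] != service:
            return None
        return entry[0]

    def logout(self, browser):
        """Drop the SSO session so no further service tickets can be minted."""
        self.tgts.pop(browser.cookie(CAS_HOST, "CASTGC"), None)

class App:
    def __init__(self, host, cas):
        self.host, self.cas, self.sessions = host, cas, {}
        self.service = f"https://{host}/"

    def request(self, browser, credentials=None):
        """A protected page: accept an existing app session, otherwise bounce the
        browser through CAS and validate the ticket it comes back with."""
        sid = browser.cookie(self.host, "SESSION")
        if sid in self.sessions:
            return self.sessions[sid]
        redirect = self.cas.login(browser, self.service, credentials)
        if redirect is None:
            return None                  # CAS login page shown, or login failed
        user = self.cas.service_validate(self.service, redirect.split("?ticket=", 1)[1])
        if user is None:
            return None
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = user
        browser.set_cookie(self.host, "SESSION", sid)
        return user

def sso_demo():
    """Password once at the first app, none at the second (a different host).
    Returns (user seen by mail, user seen by wiki, password prompts)."""
    cas, browser = CasServer(), Browser()
    mail, wiki = App("mail.example.com", cas), App("wiki.example.com", cas)
    u1 = mail.request(browser, ("alice", "correct horse"))
    u2 = wiki.request(browser)
    return u1, u2, browser.password_prompts

def ticket_misuse_demo():
    """A captured service ticket is useless at another service and cannot be replayed."""
    cas, browser = CasServer(), Browser()
    redirect = cas.login(browser, "https://mail.example.com/", ("alice", "correct horse"))
    ticket = redirect.split("?ticket=", 1)[1]
    at_wrong_service = cas.service_validate("https://evil.example.net/", ticket)
    replay = cas.service_validate("https://mail.example.com/", ticket)
    return at_wrong_service, replay

def logout_demo():
    """Logging out at CAS stops new sign-ons, but an app session already issued
    survives unless the app is told: that is the separate single sign-out problem."""
    cas, browser = CasServer(), Browser()
    mail, wiki = App("mail.example.com", cas), App("wiki.example.com", cas)
    mail.request(browser, ("alice", "correct horse"))
    cas.logout(browser)
    return wiki.request(browser), mail.request(browser)
```

Note that the two applications sit on different hosts and never see the CAS cookie; they only ever hold a ticket that is single-use and bound to their own service URL, which is what makes the cross-domain case work without sharing a cookie domain.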
PC Login session based SSO
● Works for all kinds of applications
– Mail clients
– Web applications
● The token is kept in the user's login session (for Kerberos, the
ticket cache filled at logon)
● Client applications must implement the mechanism themselves
● Implementations
– Some Kerberos implementations
– NTLM
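A simplified Kerberos-style exchange, added here as an example (not code from the original slides, from MIT Kerberos or from any real implementation): the password is used once at logon to obtain a ticket-granting ticket and session key, which the login session keeps; a mail client and a web application then each obtain their own service ticket and authenticate from the session without ever handling the password. The toy authenticated-encryption helper, the key derivation, the principal names and the message layouts are assumptions for illustration and are not the real Kerberos wire format.

```python
"""Added example (not from the original slides): a simplified Kerberos-style
exchange showing how a token held in the login session (a ticket-granting ticket
plus its session key) lets a mail client and a web app authenticate the user
without ever handling the password. The toy authenticated-encryption helper,
key derivation, principal names and message layouts are constructed."""
import hashlib
import hmac
import json
import secrets

def _key(secret: str) -> bytes:
    """Constructed string-to-key; real Kerberos salts with the principal name."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), b"toy-realm", 50_000)

def _keystream(key, nonce, length):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def _seal(key, obj):
    """Toy encrypt-then-MAC of a JSON object: HMAC keystream XOR, then HMAC tag."""
    nonce, pt = secrets.token_bytes(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return (nonce + ct + tag).hex()

def _open(key, blob_hex):
    """Inverse of _seal; returns None when the tag does not verify."""
    blob = bytes.fromhex(blob_hex)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()):
        return None
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def _check(key, ticket, authenticator, now, skew=300):
    """Shared by the TGS and by services: decrypt the ticket under our key, then
    require a fresh authenticator under the ticket's session key for its user."""
    t = _open(key, ticket)
    if t is None or t["exp"] <= now:
        return None
    a = _open(bytes.fromhex(t["sk"]), authenticator)
    if a is None or a["user"] != t["user"] or abs(a["time"] - now) > skew:
        return None
    return t

class KDC:
    def __init__(self):
        self.principals = {"alice": _key("correct horse"),
                           "imap/mail": _key("mail-service-secret"),
                           "HTTP/wiki": _key("wiki-service-secret")}
        self.tgs_key = _key("krbtgt-secret")

    def as_exchange(self, user, now):
        """AS-REQ/AS-REP: the reply is readable only with the user's key."""
        ukey = self.principals.get(user)
        if ukey is None:
            return None
        sk = secrets.token_hex(16)
        tgt = _seal(self.tgs_key, {"user": user, "sk": sk, "exp": now + 8 * 3600})
        return _seal(ukey, {"sk": sk, "tgt": tgt})

    def tgs_exchange(self, tgt, authenticator, service, now):
        """TGS-REQ/TGS-REP: prove possession of the TGT session key, receive a
        ticket sealed under the service's own key plus a fresh session key."""
        t = _check(self.tgs_key, tgt, authenticator, now)
        skey = self.principals.get(service)
        if t is None or skey is None:
            return None
        sk2 = secrets.token_hex(16)
        ticket = _seal(skey, {"user": t["user"], "sk": sk2, "exp": min(t["exp"], now + 3600)})
        return _seal(bytes.fromhex(t["sk"]), {"sk": sk2, "ticket": ticket})

class LoginSession:
    """What the OS keeps after logon: the TGT and its session key, never the password."""
    def __init__(self, kdc, user, password, now):
        rep = kdc.as_exchange(user, now)
        rep = _open(_key(password), rep) if rep else None    # wrong password -> None
        if rep is None:
            raise PermissionError("login failed")
        self.kdc, self.user, self.cache = kdc, user, {}
        self.sk, self.tgt = bytes.fromhex(rep["sk"]), rep["tgt"]

    def ticket_for(self, service, now):
        """Each client application asks the session for (ticket, authenticator)."""
        if service not in self.cache:
            auth = _seal(self.sk, {"user": self.user, "time": now})
            rep = self.kdc.tgs_exchange(self.tgt, auth, service, now)
            rep = _open(self.sk, rep) if rep else None
            if rep is None:
                return None
            self.cache[service] = (rep["ticket"], bytes.fromhex(rep["sk"]))
        ticket, sk2 = self.cache[service]
        return ticket, _seal(sk2, {"user": self.user, "time": now})

class Service:
    def __init__(self, key):
        self.key = key

    def accept(self, ticket, authenticator, now):
        """AP-REQ handling: returns the authenticated user, or None."""
        t = _check(self.key, ticket, authenticator, now)
        return None if t is None else t["user"]

def demo(now=1_700_000_000):
    """Password used once at logon; two different applications then authenticate
    from the session. Returns (user at mail, user at wiki, mail ticket at wiki)."""
    kdc = KDC()
    session = LoginSession(kdc, "alice", "correct horse", now)
    mail, wiki = Service(kdc.principals["imap/mail"]), Service(kdc.principals["HTTP/wiki"])
    m = mail.accept(*session.ticket_for("imap/mail", now + 60), now + 60)
    w = wiki.accept(*session.ticket_for("HTTP/wiki", now + 120), now + 120)
    cross = wiki.accept(*session.ticket_for("imap/mail", now + 130), now + 130)
    return m, w, cross
```

The point to take from the code is the trust boundary: the KDC never sees the password either (it only needs a key derived from it), each service can only open tickets sealed under its own key, and every application in the login session has to speak the protocol itself, which is the "client application must implement this" requirement on the slide.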
Mobile SSO
● Because a phone or tablet is a strictly personal device, SSO has
played a less significant role there so far
● Passwords for different apps can be stored on the device, as in
legacy SSO
● As mobile platforms become more complex, SSO is likely to be
introduced there in the near future
Q & A
References
● https://www.owasp.org/images/2/26/OWASPSanAntonio_2006_08_SingleSignOn.ppt
● http://www.jasig.org/cas/protocol
● http://web.mit.edu/kerberos/
● Various SSO product pages
Thank you and Good luck :-)