This document discusses Single Sign On (SSO), which allows a user to access multiple services or applications with a single set of login credentials. It describes common SSO protocols like SAML 2.0 and OpenID Connect, lists the advantages and disadvantages of SSO, and compares where SSO can be sourced from, such as SaaS, open source or enterprise software products. Examples of SSO product categories and deployment steps are provided.
8. What is SSO?
A session/user authentication process that lets a user access multiple
services/apps after authenticating once.
→ Eliminates repeated login prompts during a particular session.
→ When some apps still prompt for credentials, this is Reduced Sign On (RSO)
rather than true SSO.
9. Advantages
- Uniform AAA (authentication, authorisation, accounting) policies across apps
- Session auditing in one place
- Users do not have to understand or manage a separate credential per app
- Help desk cost savings (fewer password resets)
Disadvantages
- Single point of enterprise failure: if the identity provider is down or
compromised, every connected app is affected
- Data integrity: the central identity store must be correct and consistent
for every connected app
12. Concepts & Protocols
SAML 2.0
  Description:
  - Most widely adopted standard for Web SSO.
  - XML based.
  Relevant jargon:
  - Identity Provider (IdP)
  - Service Provider (SP)
  - Attributes
  - SP Metadata
OpenID Connect
  Description:
  - Most promising successor to SAML.
  - JSON based.
  - An identity layer defined as a profile of OAuth 2.
  - Promises better support for mobile.
  Relevant jargon:
  - OpenID Provider (OP)
  - Relying Party (RP)
  - User claims
  - Client claims
Others
  Description:
  - Earlier protocols that are still in use but should be deprecated for Web SSO.
  - Cookie based (LtpaToken, LtpaToken2, ...)
  Relevant jargon:
  - Kerberos, RADIUS, LDAP, WS-*, OpenID 2, CAS
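The OpenID Connect column above names the roles (OP, RP) and the user claims an RP receives. The checks an RP must run on an ID token before trusting those claims are the security-relevant part that the slide does not show. The following is an added example, not code from the slides or from any of the products named on this page. It mints a token the way an OP would and then validates it on the RP side. The token is signed with HS256 using the client secret (OpenID Connect Core allows this for confidential clients); production deployments normally use RS256 with keys fetched from the OP's JWKS endpoint. ISSUER, CLIENT_ID, CLIENT_SECRET, the nonce and all claim values are constructed for the demo.

```python
"""OpenID Connect Relying Party (RP) side: validating an ID token.

Added example, not from the slides. The token is built inline and signed
with HS256 using the client secret, which OIDC Core permits for confidential
clients; real deployments usually verify RS256 signatures against the OP's
published JWKS. ISSUER, CLIENT_ID, CLIENT_SECRET and every claim value below
are assumptions constructed for the demo.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

ISSUER = "https://op.example.com"          # assumed OP issuer URL
CLIENT_ID = "demo-rp"                      # assumed RP client_id (token audience)
CLIENT_SECRET = b"demo-secret-0123456789"  # assumed shared secret used as HS256 key


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_id_token(claims: dict, key: bytes = CLIENT_SECRET) -> str:
    """What the OP does: serialise header.payload and sign it with HS256."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def validate_id_token(token: str, expected_nonce: str, now: Optional[int] = None,
                      key: bytes = CLIENT_SECRET) -> dict:
    """What the RP must do before trusting user claims (OIDC Core section 3.1.3.7).

    Returns the claims on success and raises ValueError on any failure.
    """
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h64, p64, s64 = parts
    header = json.loads(_b64url_decode(h64))
    # 1. Pin the algorithm; never let the token choose it ("none" / key-confusion attacks).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg %r" % header.get("alg"))
    # 2. Verify the signature over the exact header.payload bytes, in constant time.
    expected = hmac.new(key, f"{h64}.{p64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p64))
    # 3. Issuer must be the OP this RP was configured to trust.
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    # 4. Audience must contain our client_id (aud may be a string or a list).
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else (aud or [])
    if CLIENT_ID not in aud:
        raise ValueError("token not intended for this RP")
    if len(aud) > 1 and claims.get("azp") != CLIENT_ID:
        raise ValueError("multiple audiences without matching azp")
    # 5. Expiry: reject tokens whose exp is not in the future.
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("token expired")
    # 6. Nonce binds the token to the login request this RP started (replay defence).
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    return claims


def demo() -> dict:
    """Round trip: OP mints a token for our client_id, RP validates it."""
    nonce = "n-0S6_WzA2Mj"  # constructed: the RP generates this at login time
    token = mint_id_token({"iss": ISSUER, "sub": "248289761001", "aud": CLIENT_ID,
                           "exp": 1_700_000_600, "iat": 1_700_000_000,
                           "nonce": nonce, "email": "alice@example.com"})
    return validate_id_token(token, nonce, now=1_700_000_100)


if __name__ == "__main__":
    print(demo()["sub"])
```

The order of the checks matters: the algorithm is pinned and the signature verified before any payload claim is read, so an attacker-controlled payload never influences which key or algorithm is used. The same six checks apply unchanged when the signature is RS256; only step 2 swaps the HMAC for an RSA verification against the OP's key.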
19. Which products?
SaaS: Okta, OneLogin, Stormpath, Symplified
  - No root access to the server; if the provider suffers a security breach,
  it affects every customer
  - Per-user or per-application pricing can become costly
Open Source: Gluu, ForgeRock, CAS, independent integrators and consulting shops
  - Expensive to design and build
  - High cost of care and feeding
  - Hard to support new app integrations
Enterprise Software: Oracle Access Manager, CA SiteMinder, IBM Tivoli Access
Manager, RSA ClearTrust, Microsoft ADFS, Ping Federate, ...
  - Expensive license fees
  - Vendor lock-in
21. How to do it?
- Ask yourself
- Ask your organisation
- Ask your customers
- Ask your partners
- Ask your producer
22. Steps for Effective SSO Deployments
Step 1. Get power users and executive sponsorship
Step 2. Establish deployment goals and priorities
Step 3. Understand end user resistance to change
Step 4. Include the right people and resources in the project
Step 5. Train people at all phases
Step 6. Test thoroughly
Step 7. Market the solution