What is SSO?
1. Single sign-on is an authentication process that lets a user enter a name and password once in order to access multiple applications.
2. The process authenticates the user to all the applications they have rights to, and removes further login prompts when they switch applications during that session.
Benefits of SSO
1. Reduced operational cost
2. Reduced time to access data
3. Improved user experience, no password lists to carry
4. Increased security to systems
5. Centralized management of users, roles
6. Fine grained auditing
7. Effective compliance (SOX, HIPAA)
Types of SSO
Password synchronization
1. A process that coordinates passwords across multiple computers or applications.
2. Each computer, device, or application still authenticates behind the scenes.
a) MTech's P-Synch
c) SAM Pass Synch
Legacy SSO / Enterprise SSO / Login Automation
1. After initial authentication, it intercepts further login prompts and fills them in on the user's behalf.
2. Learns new applications as the user works in them.
3. Two types of enterprise SSO:
A. Script based
A script that takes the required application's credentials and launches the application.
B. Application wizard based
i. Runs a service on the client that continually monitors the workstation for login dialog boxes
ii. Event based, cheaper, and easier to deploy
Web Access Management (WAM)
1. Browser-based applications
2. Cookie support is required
3. Single sign-on to applications deployed on a single web server (domain)
Cross Domain (realm) SSO
1. Multiple realms that manage user credentials.
2. A user authenticated in one realm is signed on to an application that uses another realm, typically within the same enterprise.
Federated SSO
1. Extends SSO across enterprises
a) Establishment of trusted partnerships
b) New revenue opportunities
c) New, efficient, and productive business models
Common implementation approaches
Kerberos based
1. Initial authentication prompts the user for credentials and obtains a Kerberos ticket-granting ticket (TGT).
2. Additional software applications that require authentication use the TGT to acquire service tickets, which prove the user's identity to the application server without prompting the user to re-enter credentials.
Smart card based
1. Initial authentication prompts the user for the smart card. Additional software applications also use the smart card, without prompting the user to re-enter credentials.
2. Smart card-based single sign-on can use either certificates or passwords stored on the smart card.
OTP token based
1. Also referred to as a one-time password token.
2. This OTP token method is more secure and more effective at preventing unauthorized access than other authentication methods.
Integrated Windows Authentication
1. The term is most commonly used to refer to the automatically authenticated connections between Microsoft Internet Information Services and Internet Explorer.
2. Cross-platform Active Directory integration vendors have extended the Integrated Windows Authentication paradigm to Unix, Linux and Mac systems.
Security Assertion Markup Language
1. Security Assertion Markup Language (SAML) is an XML-based solution for exchanging user security information between an enterprise and a service provider.
2. It supports W3C XML encryption and service provider initiated web single sign-on exchanges.
3. In SAML-based single sign-on the user is called the subject.
4. The identity provider is the party that provides the user's credentials.
5. The service provider trusts the user information supplied by the identity provider and grants access to its services or resources on that basis.