single sign-on

SINGLE SIGN-ON Submitted By Shambhavi Sahay 15869 MCA-VI semester

Upload: shambhavi-sahay

Post on 11-Apr-2017


TRANSCRIPT

Page 1: SINGLE SIGN-ON

SINGLE SIGN-ON

Submitted By Shambhavi Sahay

15869

MCA-VI semester

Page 2: SINGLE SIGN-ON

What is SSO?
How does SSO work?
Implications of SSO
SSO products and authentication systems
SSO real-world examples and applications

Page 3: SINGLE SIGN-ON

What is SSO?

Single sign-on (SSO) is a property of access control of multiple related, but independent software systems.

Multiple systems typically require multiple sign-on dialogues
◦ E.g. desktop logon, email, library systems, external resources …
◦ Multiple sets of credentials
◦ Presenting credentials multiple times

Page 4: SINGLE SIGN-ON

What is SSO?

The more security domains, the more sign-ons required

Page 5: SINGLE SIGN-ON

How does SSO work?

Page 6: SINGLE SIGN-ON

Implications of SSO

Credentials never leave the authentication domain

Secondary (affiliated) domains have to trust the authentication domain
◦ Credentials must be asserted correctly
◦ Protect from unauthorised use

Authentication transfer has to be protected
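As an added illustration of the points on this slide (not part of the original presentation, and not the protocol of any product named in it), the Python sketch below shows an authentication domain asserting a login to a target application without the user's credentials leaving the authentication domain. It assumes a pre-shared HMAC key between the two sides; the names `issue_ticket`, `TargetApp`, the ticket fields and the example service URLs are hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed key shared by the authentication domain and the target application.
SHARED_KEY = b"constructed-demo-key-not-for-production"
TICKET_LIFETIME = 30  # seconds a ticket stays valid after issue


def issue_ticket(user, service, now=None):
    """Authentication domain: assert who logged in, for one service only.

    The ticket carries an identity assertion, never the user's password.
    """
    now = time.time() if now is None else now
    claims = {"sub": user, "aud": service, "exp": now + TICKET_LIFETIME,
              "jti": secrets.token_hex(8)}  # jti = unique ticket id
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    sig = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + sig


class TargetApp:
    """Secondary domain: trusts tickets signed by the authentication domain."""

    def __init__(self, service):
        self.service = service
        self.seen = set()  # ticket ids already redeemed (replay protection)

    def redeem(self, ticket, now=None):
        """Return the asserted user, or None if the ticket must be rejected."""
        now = time.time() if now is None else now
        body, _, sig = ticket.rpartition(".")
        expected = hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return None  # altered in transit or not issued by the auth domain
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["aud"] != self.service:
            return None  # issued for a different application
        if now > claims["exp"]:
            return None  # expired before it was presented
        if claims["jti"] in self.seen:
            return None  # already used once
        self.seen.add(claims["jti"])
        return claims["sub"]
```

The four rejection branches correspond to the slide's requirements: the assertion must be correct (signature), protected from unauthorised use (audience and single use), and protected in transfer (short lifetime).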

Page 7: SINGLE SIGN-ON

Components of SSO

Page 8: SINGLE SIGN-ON

Dependencies of SSO

SSO system relies on other infrastructure
◦ Authentication system
◦ Requires interface with web server
◦ Identity management/registration

Need to provide for authorisation
◦ Applications often need more than just authentication information
◦ Attribute information

Page 9: SINGLE SIGN-ON

Some other considerations

Most SSO systems are HTTP based
◦ Browser cookies (restricted to the authentication domain)
◦ HTTP redirects

May require integration with application
◦ Agent-based architecture
◦ SSO protocol

Page 10: SINGLE SIGN-ON

Some other considerations

Needs to interact with authentication system

Needs protocol between authentication domain and target application

Page 11: SINGLE SIGN-ON

Session Management

The SSO application maintains a session for the user

The target application usually maintains a session

Logging out of the target application may not log you out of the SSO application

Single Sign-On Single Sign-Out!
◦ Application specific

Page 12: SINGLE SIGN-ON

SSO Methods

Most SSO systems rely on cookies
◦ Widely accepted and supported by browsers
◦ Users who disable cookies or change browser security settings may lose SSO capability

X.509 certificates provide an alternative approach
◦ Require installation on the user's machine
◦ Need for revocation
◦ Can be confusing for users

Page 13: SINGLE SIGN-ON

Supported Authentication Methods

CAS
◦ LDAP server (OpenLDAP, Active Directory)
◦ Kerberos (MIT, Active Directory)

Pubcookie
◦ Kerberos v5
◦ LDAP server
◦ /etc/shadow

Page 14: SINGLE SIGN-ON

Supported Authentication Methods

WebAuth
◦ MIT Kerberos
◦ OpenLDAP

CoSign
◦ Supports GSSAPI

A-Select
◦ Banking
◦ SMS ‘SURFkey’
◦ LDAP
◦ RADIUS

Page 15: SINGLE SIGN-ON

SSO Applications

Applications typically require an ‘enforcement agent’
◦ Web server module
◦ Application-level integration
◦ Usually require authorisation info

Some SSO products utilise a proxy approach
◦ SSO-enable legacy products without code change

Page 16: SINGLE SIGN-ON

Advantages of SSO

Reduces the chance of forgetting your password. 

Reduces IT help desk costs by reducing the number of calls to the help desk about lost passwords.

Page 17: SINGLE SIGN-ON

Advantages of SSO

Newer technologies are being implemented to help detect an attempt to hack a given system, in which case the attacker would be locked out of the remaining systems. However, this needs more study to prove how well it works.

Page 18: SINGLE SIGN-ON

Disadvantages of SSO

Vulnerability problems, such as with authentication, privacy keys, etc.

The lack of a stronger backup authentication method, such as smart cards or one-time password tokens.

Page 19: SINGLE SIGN-ON

Disadvantages of SSO

SSO is a highly critical service that must be kept available at all times. If the SSO service goes down, the user loses access to all sites.

Page 20: SINGLE SIGN-ON

Examples of Implementations of SSO:

Log-in with Facebook
Log-in with Twitter
Log-in with Linked-In or Apply with Linked-In

Page 21: SINGLE SIGN-ON

THANK YOU