single sign-on
SINGLE SIGN-ON
Submitted By
Shambhavi Sahay
15869
MCA-VI semester
What is SSO?
How does SSO work?
Implications of SSO
SSO products and authentication systems
SSO real-world examples and applications
What is SSO?
Single sign-on (SSO) is a property of access control of multiple related, but independent software systems.
Multiple systems typically require multiple sign-on dialogues
◦ E.g. Desktop logon, email, library systems, external resources …
◦ Multiple sets of credentials
◦ Presenting credentials multiple times
What is SSO?
The more security domains, the more sign-ons required
How does SSO work?
Implications of SSO
Credentials never leave the authentication domain
Secondary (affiliated) domains have to trust the authentication domain
◦ Credentials must be asserted correctly
◦ Protect from unauthorised use
Authentication transfer has to be protected
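The points above about asserting credentials correctly and protecting the authentication transfer, as an added example that is not part of the original presentation: the authentication domain issues a short-lived signed ticket instead of forwarding the password, and the target application checks it. The function names, the `library.example` application and the shared-key HMAC scheme are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

# Assumption: the authentication domain and each target application share a
# per-application secret. Real deployments often use asymmetric signatures.
APP_KEYS = {"library.example": secrets.token_bytes(32)}  # constructed sample
_seen_ticket_ids = set()  # replay cache kept by the target application


def issue_ticket(user, audience, ttl=30, now=None):
    """Authentication domain: assert the user's identity, never the password."""
    now = time.time() if now is None else now
    claims = {"sub": user, "aud": audience, "exp": now + ttl,
              "jti": secrets.token_hex(16)}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    tag = hmac.new(APP_KEYS[audience], body, hashlib.sha256).hexdigest()
    return body.decode() + "." + tag


def verify_ticket(ticket, audience, key, now=None):
    """Target application: return the user name, or None if the ticket is bad."""
    now = time.time() if now is None else now
    try:
        body, tag = ticket.rsplit(".", 1)
        expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):
            return None                      # forged or modified in transit
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return None                          # malformed ticket
    if claims.get("aud") != audience:
        return None                          # issued for a different application
    if now > claims.get("exp", 0):
        return None                          # expired
    if claims.get("jti") in _seen_ticket_ids:
        return None                          # replayed
    _seen_ticket_ids.add(claims.get("jti"))
    return claims.get("sub")
```

The ticket carries only an identity assertion, so the user's credentials stay in the authentication domain; the audience, expiry and replay checks are what keep a captured ticket from being reused elsewhere.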
Components of SSO
Dependencies of SSO
SSO system relies on other infrastructure
◦ Authentication system
◦ Requires interface with web server
◦ Identity management/registration
Need to provide for authorisation
◦ Applications often need more than just authentication information
◦ Attribute information
Some other considerations
Most SSO systems are HTTP based
◦ Browser cookies (restricted to the authentication domain)
◦ HTTP redirects
May require integration with application
◦ Agent-based architecture
◦ SSO protocol
Some other considerations
Needs to interact with authentication system
Needs protocol between authentication domain and target application
Session Management
The SSO application maintains a session for the user
The target application usually maintains a session
Logging out of the target application may not log you out of the SSO application
Single Sign-On ≠ Single Sign-Out!
◦ Application specific
SSO Methods
Most SSO systems rely on cookies
◦ Widely accepted and supported by browsers
◦ Users who disable cookies or change browser security settings may lose SSO capability
X.509 certificates provide alternative approach
◦ Require installation on user's machine
◦ Need for revocation
◦ Can be confusing for users
Supported Authentication Methods
CAS
◦ LDAP server (OpenLDAP, Active Directory)
◦ Kerberos (MIT, Active Directory)
Pubcookie
◦ Kerberos v5
◦ LDAP server
◦ /etc/shadow
Supported Authentication Methods
WebAuth
◦ MIT Kerberos
◦ OpenLDAP
CoSign
◦ Supports GSSAPI
A-Select
◦ Banking
◦ SMS ‘SURFkey’
◦ LDAP
◦ Radius
SSO Applications
Applications typically require an ‘enforcement agent’
◦ Web server module
◦ Application-level integration
◦ Usually require authorisation info
Some SSO products utilise a proxy approach
◦ SSO-enable legacy products without code change
Advantages of SSO
Reduces the chance of forgetting your password.
Reduces IT help desk costs by reducing the number of calls to the help desk about lost passwords.
Advantages of SSO
Newer technologies are being implemented to detect an attempt to hack one system and then lock the attacker out of the remaining systems. However, more study is needed to show how well this works.
Disadvantages of SSO
Vulnerability problems, such as with authentication, privacy keys, etc.
The lack of a stronger backup authentication method, such as smart cards or one-time password tokens.
Disadvantages of SSO
SSO is a highly critical service that must be kept running at all times. If the SSO service goes down, the user loses access to all sites.
Examples of Implementations of SSO:
Log-in with Facebook
Log-in with Twitter
Log-in with Linked-In or Apply with Linked-In
THANK YOU