SINGLE SIGN-ON
Transcript of SINGLE SIGN-ON
![Page 1: SINGLE SIGN-ON](https://reader035.fdocuments.net/reader035/viewer/2022062903/58ecb1361a28ab565e8b462f/html5/thumbnails/1.jpg)
SINGLE SIGN-ON
Submitted By
Shambhavi Sahay
15869
MCA-VI semester
![Page 2: SINGLE SIGN-ON](https://reader035.fdocuments.net/reader035/viewer/2022062903/58ecb1361a28ab565e8b462f/html5/thumbnails/2.jpg)
What is SSO?
How does SSO work?
Implications of SSO
SSO products and authentication systems
SSO real-world examples and applications
![Page 3: SINGLE SIGN-ON](https://reader035.fdocuments.net/reader035/viewer/2022062903/58ecb1361a28ab565e8b462f/html5/thumbnails/3.jpg)
What is SSO?
Single sign-on (SSO) is a property of access control of multiple related, but independent software systems.
Multiple systems typically require multiple sign-on dialogues
◦ E.g. desktop logon, email, library systems, external resources …
◦ Multiple sets of credentials
◦ Presenting credentials multiple times
![Page 4: SINGLE SIGN-ON](https://reader035.fdocuments.net/reader035/viewer/2022062903/58ecb1361a28ab565e8b462f/html5/thumbnails/4.jpg)
What is SSO?
The more security domains, the more sign-ons required
![Page 5: SINGLE SIGN-ON](https://reader035.fdocuments.net/reader035/viewer/2022062903/58ecb1361a28ab565e8b462f/html5/thumbnails/5.jpg)
How does SSO work?
![Page 6: SINGLE SIGN-ON](https://reader035.fdocuments.net/reader035/viewer/2022062903/58ecb1361a28ab565e8b462f/html5/thumbnails/6.jpg)
Implications of SSO
Credentials never leave the authentication domain
Secondary (affiliated) domains have to trust the authentication domain
◦ Credentials must be asserted correctly
◦ Protect from unauthorised use
Authentication transfer has to be protected
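The points on this slide, as an added example that is not part of the original slides: the authentication domain hands the target application a signed, short-lived assertion of identity instead of the password, and the application checks it before trusting it. The per-application shared keys, host names and function names are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, secrets

# Assumption: the authentication domain shares one secret with each affiliated
# application. Keys and host names are constructed for this example.
APP_KEYS = {"https://library.example": b"constructed-key-library",
            "https://mail.example": b"constructed-key-mail"}

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def sign(audience: str, body: str) -> str:
    return b64(hmac.new(APP_KEYS[audience], body.encode(), hashlib.sha256).digest())

def issue_assertion(user: str, audience: str, now: float, ttl: int = 60) -> str:
    """Authentication domain: assert who the user is; the password is never included."""
    claims = {"sub": user, "aud": audience, "exp": now + ttl,
              "jti": secrets.token_hex(8)}          # unique id, used for replay detection
    body = b64(json.dumps(claims).encode())
    return body + "." + sign(audience, body)

seen_ids = set()  # replay cache kept by the target application

def verify_assertion(token: str, audience: str, now: float) -> str:
    """Target application: return the asserted user name or raise ValueError."""
    body, _, tag = token.partition(".")
    # Integrity first: only the authentication domain knows this application's key.
    if not hmac.compare_digest(tag, sign(audience, body)):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["aud"] != audience:                   # issued for a different application
        raise ValueError("wrong audience")
    if now >= claims["exp"]:                        # short lifetime limits a stolen token
        raise ValueError("expired")
    if claims["jti"] in seen_ids:                   # each assertion is accepted once
        raise ValueError("replayed")
    seen_ids.add(claims["jti"])
    return claims["sub"]
```
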
![Page 7: SINGLE SIGN-ON](https://reader035.fdocuments.net/reader035/viewer/2022062903/58ecb1361a28ab565e8b462f/html5/thumbnails/7.jpg)
Components of SSO
![Page 8: SINGLE SIGN-ON](https://reader035.fdocuments.net/reader035/viewer/2022062903/58ecb1361a28ab565e8b462f/html5/thumbnails/8.jpg)
Dependencies of SSO
SSO system relies on other infrastructure
◦ Authentication system
◦ Requires interface with web server
◦ Identity management/registration
Need to provide for authorisation
◦ Applications often need more than just authentication information
◦ Attribute information
![Page 9: SINGLE SIGN-ON](https://reader035.fdocuments.net/reader035/viewer/2022062903/58ecb1361a28ab565e8b462f/html5/thumbnails/9.jpg)
Some other considerations
Most SSO systems are HTTP based
◦ Browser cookies (restricted to the authentication domain)
◦ HTTP redirects
May require integration with application
◦ Agent-based architecture
◦ SSO protocol
![Page 10: SINGLE SIGN-ON](https://reader035.fdocuments.net/reader035/viewer/2022062903/58ecb1361a28ab565e8b462f/html5/thumbnails/10.jpg)
Some other considerations
Needs to interact with authentication system
Needs protocol between authentication domain and target application
![Page 11: SINGLE SIGN-ON](https://reader035.fdocuments.net/reader035/viewer/2022062903/58ecb1361a28ab565e8b462f/html5/thumbnails/11.jpg)
Session Management
The SSO application maintains a session for the user
The target application usually maintains a session
Logging out of the target application may not log you out of the SSO application
Single Sign-On ≠ Single Sign-Out!
◦ Application specific
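The two kinds of session described on this slide, as an added example that is not part of the original slides: a local logout leaves the SSO session alive, so the next visit signs the user back in without a prompt, while a single sign-out has to end every application session. The class names and the `end_session` hook each application exposes are assumptions made for the illustration.

```python
import secrets

class TargetApp:
    """A target application with its own session table."""
    def __init__(self):
        self.sessions = {}
    def start_session(self, user):
        sid = secrets.token_hex(16)
        self.sessions[sid] = user
        return sid
    def end_session(self, sid):
        self.sessions.pop(sid, None)
    def is_logged_in(self, sid):
        return sid in self.sessions

class SSOServer:
    """The SSO application: one session per user plus the app sessions it created."""
    def __init__(self):
        self.sessions = {}   # sso_cookie -> {"user": name, "apps": [(app, sid), ...]}
    def login(self, user):
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = {"user": user, "apps": []}
        return cookie
    def sign_on(self, cookie, app):
        """Reached by redirect from an app; no prompt while the SSO session is live."""
        s = self.sessions.get(cookie)
        if s is None:
            return None      # no SSO session: credentials must be presented again
        sid = app.start_session(s["user"])
        s["apps"].append((app, sid))
        return sid
    def single_sign_out(self, cookie):
        s = self.sessions.pop(cookie, None)
        for app, sid in (s["apps"] if s else []):
            app.end_session(sid)   # assumed hook; real products do this per application

def demo():
    sso, mail, library = SSOServer(), TargetApp(), TargetApp()
    cookie = sso.login("alice")
    mail_sid = sso.sign_on(cookie, mail)
    lib_sid = sso.sign_on(cookie, library)
    mail.end_session(mail_sid)               # user clicks "log out" in mail only
    silent = sso.sign_on(cookie, mail)       # next visit: signed in again, no prompt
    after_local = (silent is not None, library.is_logged_in(lib_sid))
    sso.single_sign_out(cookie)              # logout at the SSO application
    after_global = (mail.is_logged_in(silent), library.is_logged_in(lib_sid),
                    sso.sign_on(cookie, mail))
    return after_local, after_global
```
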
![Page 12: SINGLE SIGN-ON](https://reader035.fdocuments.net/reader035/viewer/2022062903/58ecb1361a28ab565e8b462f/html5/thumbnails/12.jpg)
SSO Methods
Most SSO systems rely on cookies
◦ Widely accepted and supported by browsers
◦ Users who disable cookies or change browser security settings may lose SSO capability
X.509 certificates provide an alternative approach
◦ Require installation on the user's machine
◦ Need for revocation
◦ Can be confusing for users
![Page 13: SINGLE SIGN-ON](https://reader035.fdocuments.net/reader035/viewer/2022062903/58ecb1361a28ab565e8b462f/html5/thumbnails/13.jpg)
Supported Authentication Methods
CAS
◦ LDAP server (OpenLDAP, Active Directory)
◦ Kerberos (MIT, Active Directory)
Pubcookie
◦ Kerberos v5
◦ LDAP server
◦ /etc/shadow
![Page 14: SINGLE SIGN-ON](https://reader035.fdocuments.net/reader035/viewer/2022062903/58ecb1361a28ab565e8b462f/html5/thumbnails/14.jpg)
Supported Authentication Methods
WebAuth
◦ MIT Kerberos
◦ OpenLDAP
CoSign
◦ Supports GSSAPI
A-Select
◦ Banking
◦ SMS ‘SURFkey’
◦ LDAP
◦ Radius
![Page 15: SINGLE SIGN-ON](https://reader035.fdocuments.net/reader035/viewer/2022062903/58ecb1361a28ab565e8b462f/html5/thumbnails/15.jpg)
SSO Applications
Applications typically require an ‘enforcement agent’
◦ Web server module
◦ Application-level integration
◦ Usually require authorisation info
Some SSO products utilise a proxy approach
◦ SSO-enable legacy products without code change
![Page 16: SINGLE SIGN-ON](https://reader035.fdocuments.net/reader035/viewer/2022062903/58ecb1361a28ab565e8b462f/html5/thumbnails/16.jpg)
Advantages of SSO
Reduces the chance of forgetting your password.
Reduces IT help desk costs by reducing the number of calls to the help desk about lost passwords.
![Page 17: SINGLE SIGN-ON](https://reader035.fdocuments.net/reader035/viewer/2022062903/58ecb1361a28ab565e8b462f/html5/thumbnails/17.jpg)
Advantages of SSO
Newer technologies are being implemented to detect an attempt to hack one system and then lock the hacker out of the remaining systems. However, more study is needed to show how well this works.
![Page 18: SINGLE SIGN-ON](https://reader035.fdocuments.net/reader035/viewer/2022062903/58ecb1361a28ab565e8b462f/html5/thumbnails/18.jpg)
Disadvantages of SSO
Vulnerability problems, such as with authentication, privacy keys, etc.
The lack of a stronger backup authentication method, such as smart cards or one-time password tokens.
![Page 19: SINGLE SIGN-ON](https://reader035.fdocuments.net/reader035/viewer/2022062903/58ecb1361a28ab565e8b462f/html5/thumbnails/19.jpg)
Disadvantages of SSO
The SSO system is a highly critical tool that must always be kept up. If the SSO goes down, the user loses access to all sites.
![Page 20: SINGLE SIGN-ON](https://reader035.fdocuments.net/reader035/viewer/2022062903/58ecb1361a28ab565e8b462f/html5/thumbnails/20.jpg)
Examples of Implementations of SSO:
Log-in with Facebook
Log-in with Twitter
Log-in with Linked-In or Apply with Linked-In
![Page 21: SINGLE SIGN-ON](https://reader035.fdocuments.net/reader035/viewer/2022062903/58ecb1361a28ab565e8b462f/html5/thumbnails/21.jpg)
THANK YOU