Single Sign-On Mechanism: Working, Types of Protocols and Security Issues

   

Added on  2023-05-27

Single Sign-on Mechanism
ABSTRACT
This paper describes the Single Sign-On (SSO) mechanism. It
discusses how SSO works and the ways in which different
protocols are used within the SSO mechanism. SSO can be
defined as a mechanism that uses a single authentication
action to permit an authorized user to gain access to related
content. It allows independent software applications or systems
to be accessed without prompting the user to log in during any
particular session. It helps reduce the risk for system
administrators in managing users and increases their
productivity, among other benefits. Once a particular user has
logged in, the SSO system generates authentication information
that is accepted by various systems and applications. SSO can
be based within an Intranet, Internet or Extranet.
This report mainly focuses on the different methods of SSO and
the advantages of adopting such a mechanism. The report also
discusses the implementation of the various forms of SSO and
the different protocols that have been used.
Keywords
Single Sign-On, OpenID Provider, Relying Party, BrowserID,
Kerberos
1. INTRODUCTION
1.1 Definition of Single Sign-On
In today's digital world, users have access to multiple systems
in order to conduct their daily activities [1]. The Single
Sign-On (SSO) mechanism can help solve the problems that come
with keeping multiple credentials for different applications.
SSO can be defined as a mechanism that allows users to
authenticate to mobile or web applications with a single
username and password. This permits access to multiple
applications that employ the same authentication provider. The
mechanism is used for the purposes of authorization and
authentication [2]. Authorization is the process of gaining
access to a particular resource. Authentication is the process
of verifying the user concerned. This deals with the concepts
of integrity, confidentiality, availability and non-repudiation.
SSO improves user and developer productivity by sparing the
user from remembering multiple passwords. SSO allows easy
management of user rights, changes of function and quick
integration of applications.
The primary advantage of SSO is that the user does not have to
remember the credentials of each application in the set
separately. The disadvantage of using the SSO mechanism is that
if a third-party user gains access to any website that is
integrated with such protocols, then the entire system becomes
insecure for use.
1.2 Mechanism of Single Sign-On
In this mechanism, the user registers with the identity
provider (IDP) in order to receive the OpenID credentials. At
this point, the user wants to access Application A. This
application redirects the user to the IDP. If the user then
wants access to Web Application B, the user sends a request to
Web Application B [3]. On receiving the request, the user goes
to the identity provider, where it is checked whether the user
is active or not. If the user is found to be active, Web
Application B allows the user access automatically. The other
web applications follow a similar process. Web Application A
does not know about the processes that happen in Web
Application B, and vice versa.
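The flow described in this section can be modelled in a few lines. This is an added example, not code from the paper: the class names, the per-application HMAC keys and the assertion format are assumptions, and direct method calls stand in for the browser redirects.

```python
import hashlib
import hmac
import secrets
import time

def _mac(key, user, app, expiry):
    # The application name is inside the MAC, so an assertion for A is useless at B.
    return hmac.new(key, f"{user}|{app}|{expiry}".encode(), hashlib.sha256).hexdigest()

class IdentityProvider:
    def __init__(self, app_keys):
        self._app_keys = app_keys   # per-application secrets (assumed pre-shared)
        self._users = {}            # user -> (salt, password hash)
        self._sessions = {}         # session id -> (user, expiry)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000))

    def login(self, user, password, ttl=300):
        salt, stored = self._users.get(user, (b"\0" * 16, b""))
        tried = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not stored or not hmac.compare_digest(tried, stored):
            return None
        sid = secrets.token_urlsafe(16)
        self._sessions[sid] = (user, time.time() + ttl)
        return sid

    def logout(self, sid):
        self._sessions.pop(sid, None)

    def assert_for(self, sid, app):
        user, expiry = self._sessions.get(sid, (None, 0))
        if user is None or expiry < time.time():
            return None             # not active: the application must send the user to log in
        return user, app, expiry, _mac(self._app_keys[app], user, app, expiry)

class WebApplication:
    def __init__(self, name, key, idp):
        self.name, self._key, self._idp = name, key, idp

    def verify(self, assertion):
        user, app, expiry, mac = assertion
        ok = hmac.compare_digest(mac, _mac(self._key, user, app, expiry))
        return user if ok and app == self.name and expiry > time.time() else None

    def access(self, sid):
        # The application never sees the password, only the IDP's answer.
        assertion = self._idp.assert_for(sid, self.name)
        return self.verify(assertion) if assertion else None
```

After one `login()`, `access()` on both applications returns the user name, and after `logout()` both return `None`, because every application depends on the same IDP session. An assertion obtained for Application A fails `verify()` at Application B.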
1.3 Types of Single Sign-On
There are two types of Single Sign-On systems: Simple SSO and
Complex SSO.
Simple SSO – This covers a single authority of authentication.
This kind of mechanism can be implemented within a homogeneous
LAN or intranet in which the machines run the same OS and
trust the same authority of authentication.
Complex SSO – This kind of mechanism is able to cover different
authorities of authentication [4]. It is implemented across
different platforms and is thus governed entirely by different
organisations. It can be implemented on either an Extranet or
the Internet.
2. Different Types of Protocols
There are different kinds of protocols that are used in the SSO
mechanism, such as OpenID, BrowserID, Kerberos and SAML.
2.1 OpenID
OpenID can be defined as a decentralized authentication scheme
for the SSO mechanism. Users are able to choose a trusted
OpenID server with which to register themselves. Three kinds of
parties are involved in the OpenID mechanism [5]. These are the
Service Provider (SP), the OpenID provider (OP) and the user.