SlideShare a Scribd company logo

Single Sign On - The Basics

Ishan A B Ambanwela, profile picture
Ishan A B Ambanwela

This document discusses single sign-on (SSO), which allows users to access multiple protected resources with one set of credentials. It describes different SSO approaches like smart card-based and Kerberos-based SSO. Legacy SSO uses scripts or services to automatically fill login prompts. Password synchronization keeps passwords synced across devices. Software token-based SSO issues tokens for access instead of credentials. The document also covers web SSO using cookies and PC login session-based SSO. It concludes with a brief discussion of potential future uses of SSO on mobile devices.

SoftwareTechnology
1 of 16
Downloaded 116 times
1
2
3
4
5
6
7
8
Most read
9
Most read
10
Most read
11
12
13
14
15
16
Single Sign On – The Basics Ishan A B Ambanwela
Contents ● What is SSO ● Not to be Confused with ● Pros & Cons ● SSO Approaches – By Configuration ● Types of SSO – Legacy SSO – Password Synchronization – Software Token Based Authentication ● Browser Session ● PC Login session – Mobile SSO ● Q&A
What is SSO ● Single sign-on gives users the ability to access more than one protected resource (Web pages and applications) with one authentication.
Not to be Confused with... ● Authentication vs Authorization ● Shared authentication schemes – Oauth – OpenID / OpenID Connect – Facebook Connect ● Single Sign Out
Pros & Cons ● Reduced operational cost ● Reduced time to access data ● Improved user experience ● Ease burden on developers ● Centralized management of users ● Fine grained auditing ● Effective compliance ● Advanced security to systems – Smart cards, One time password tokens ● impractical in different levels of secure access ● increases the negative impact in case of credentials exposed ● makes the authentication systems highly critical ● Complex logics and pitfalls ● Should combined with strong authentication methods – Smart cards, One time password tokens
SSO Approaches – By Configuration ● Smart card based ● Kerberos based ● SAML (Security Assertion Markup Language) ● Integrated Windows Authentication – An umbrella term for ● SPNEGO, Kerberos, and NTLMSSP
Types of SSO ● Legacy SSO ● Password synchronization ● Software Token Based Authentication
Legacy SSO ● aka - Enterprise or Employee SSO (eSSO) ● After primary authentication, it intercepts further login prompts and fills them for you ● Which is accomplished using – Script ● Which executes the real application with credentials – Background service ● Monitors for login prompts and pass credentials ● Products/Implementations – Citrix Password Manager, Imprivata eSSO appliance, PassLogix, Novell’s Secure Login
Password Synchronization ● A process that coordinates passwords across multiple computers and devices and/or applications ● Each computer, device, application still authenticates but behind the scene ● Products/Implementations – MTech's P-Synch, Proginet's SecurPass, Systor's SAM Password Synchronization
Software Token Based Authentication ● Allow users to enter their username and password in order to obtain a token ● Once their token has been obtained, the user can offer the token - which offers access to a specific resource for a time period - to the remote site instead of credentials ● Complex encryption with complex logic differentiates the implementations ● Usually associated with a session – Web SSO - Browser session – Other SSO - PC Log in session
Web SSO ● Works for browser based applications ● Cookie support is required – Because token is kept in a cookie ● Usually single sign-on to applications deployed on a single web server (domain) ● Implementations – Jasig CAS
PC Login session based SSO ● Works for all kinds of applications – Mail clients – Web applications ● Token is kept in user session ● Client application should implement this feature ● Implementations – Some Kerberos implementations – NTLM
Mobile SSO ● Since Mobile Phone/Tab is a strictly personal device, SSO has not very significant role ● Can save all different passwords like in Legacy SSO ● As technology is getting complicated, SSO will be introduced in near future
Q & A
References ● https://www.owasp.org/images/2/26/OWASPSa nAntonio_2006_08_SingleSignOn.ppt ● http://www.jasig.org/cas/protocol ● http://web.mit.edu/kerberos/ ● Various SSO products pages
Thank you and Good luck :-)

More Related Content

PPTX
SINGLE SIGN-ON
Shambhavi Sahay
 
PPTX
SSO introduction
Aidy Tificate
 
PPTX
Single sign on - SSO
Ajit Dadresa
 
PPT
Presentation sso design_security
Marco Morana
 
PDF
Single sign on (SSO) How does your company apply?
Đỗ Duy Trung
 
PPTX
What is SSO? An introduction to Single Sign On
Riddhi Sood
 
PPTX
Single Sign On 101
Mike Schwartz
 
PPT
SSO Strategy Implementation Considerations
John Bauer
 
SINGLE SIGN-ON
Shambhavi Sahay
 
SSO introduction
Aidy Tificate
 
Single sign on - SSO
Ajit Dadresa
 
Presentation sso design_security
Marco Morana
 
Single sign on (SSO) How does your company apply?
Đỗ Duy Trung
 
What is SSO? An introduction to Single Sign On
Riddhi Sood
 
Single Sign On 101
Mike Schwartz
 
SSO Strategy Implementation Considerations
John Bauer
 

What's hot (20)

PDF
Enterprise Single Sign-On - SSO
Oliver Mueller
 
PPTX
Identity and Access Management Introduction
Aidy Tificate
 
PPT
OAuth 2.0 and OpenId Connect
Saran Doraiswamy
 
PDF
Introduction to SAML 2.0
Mika Koivisto
 
PPTX
Single Sign On Considerations
Venkat Gattamaneni
 
PPTX
Single sign on - benefits, challenges and case study : iFour consultancy
Devam Shah
 
PDF
F5 ASM v12 DDoS best practices
Lior Rotkovitch
 
PDF
SAML Protocol Overview
Mike Schwartz
 
PDF
Introduction to OpenID Connect
Nat Sakimura
 
PPTX
An Introduction to OAuth2
Aaron Parecki
 
PDF
SAML VS OAuth 2.0 VS OpenID Connect
Ubisecure
 
PPT
Application Security
Reggie Niccolo Santos
 
PDF
OAuth
Iván Fernández Perea
 
PPTX
Draft: building secure applications with keycloak (oidc/jwt)
Abhishek Koserwal
 
PDF
OpenID Connect Explained
Vladimir Dzhuvinov
 
PDF
Introduction to OAuth2.0
Oracle Corporation
 
PPTX
Rest API Security - A quick understanding of Rest API Security
Mohammed Fazuluddin
 
PDF
OAuth & OpenID Connect Deep Dive
Nordic APIs
 
PPTX
Identity Management with the ForgeRock Identity Platform - So What’s New?
ForgeRock
 
PDF
Implementing OAuth
leahculver
 
Enterprise Single Sign-On - SSO
Oliver Mueller
 
Identity and Access Management Introduction
Aidy Tificate
 
OAuth 2.0 and OpenId Connect
Saran Doraiswamy
 
Introduction to SAML 2.0
Mika Koivisto
 
Single Sign On Considerations
Venkat Gattamaneni
 
Single sign on - benefits, challenges and case study : iFour consultancy
Devam Shah
 
F5 ASM v12 DDoS best practices
Lior Rotkovitch
 
SAML Protocol Overview
Mike Schwartz
 
Introduction to OpenID Connect
Nat Sakimura
 
An Introduction to OAuth2
Aaron Parecki
 
SAML VS OAuth 2.0 VS OpenID Connect
Ubisecure
 
Application Security
Reggie Niccolo Santos
 
OAuth
Iván Fernández Perea
 
Draft: building secure applications with keycloak (oidc/jwt)
Abhishek Koserwal
 
OpenID Connect Explained
Vladimir Dzhuvinov
 
Introduction to OAuth2.0
Oracle Corporation
 
Rest API Security - A quick understanding of Rest API Security
Mohammed Fazuluddin
 
OAuth & OpenID Connect Deep Dive
Nordic APIs
 
Identity Management with the ForgeRock Identity Platform - So What’s New?
ForgeRock
 
Implementing OAuth
leahculver
 
Ad

Viewers also liked (19)

PPTX
Single sign on
Rob Fitzgibbon
 
PDF
Single Sign-On Best Practices
Salesforce Developers
 
PDF
Pharmaceutical e-Marketing v2.0
Jean-Luc Caut
 
PPT
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Craig Dickson
 
PPTX
Setting up the To Do Module
Michael Payne
 
ODP
Hadoop - Overview
Jay
 
PPTX
IT Strategy Development Process
Robert Moores
 
DOCX
Home exam answers
Gaurav Dwivedi
 
PPT
Plants adaptations presentation for kids
Verónica Estapé
 
PPTX
Top 10 tech support manager interview questions and answers
marcdanny68
 
PPTX
Top 10 project officer interview questions and answers pdf
HelenMirren123
 
DOCX
Training Program Presentation
Stacey Troup
 
PDF
Retail Brand Development. Challenges and Opportunities - a Russian Perspective
SCG International
 
PPTX
Electrical Pressure Measuring Devices
Maria Romina Angustia
 
PPT
Transcription & Translation
Crystal Wood
 
PPTX
SOLID DISPERSION TECHNIQUE
Rahul Pandit
 
PPTX
Thermistor Temperature Sensors
Dwyer Instruments
 
PPTX
Gas chromatography and its instrumentation
Argha Sen
 
PPTX
Febrile neutropenia
Ahmed Allam
 
Single sign on
Rob Fitzgibbon
 
Single Sign-On Best Practices
Salesforce Developers
 
Pharmaceutical e-Marketing v2.0
Jean-Luc Caut
 
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Craig Dickson
 
Setting up the To Do Module
Michael Payne
 
Hadoop - Overview
Jay
 
IT Strategy Development Process
Robert Moores
 
Home exam answers
Gaurav Dwivedi
 
Plants adaptations presentation for kids
Verónica Estapé
 
Top 10 tech support manager interview questions and answers
marcdanny68
 
Top 10 project officer interview questions and answers pdf
HelenMirren123
 
Training Program Presentation
Stacey Troup
 
Retail Brand Development. Challenges and Opportunities - a Russian Perspective
SCG International
 
Electrical Pressure Measuring Devices
Maria Romina Angustia
 
Transcription & Translation
Crystal Wood
 
SOLID DISPERSION TECHNIQUE
Rahul Pandit
 
Thermistor Temperature Sensors
Dwyer Instruments
 
Gas chromatography and its instrumentation
Argha Sen
 
Febrile neutropenia
Ahmed Allam
 
Ad

Similar to Single Sign On - The Basics (20)

PDF
Why you should use true single-sign-on in Icinga Web 2 - Icinga Camp Stockhol...
Icinga
 
PDF
Tdp ws trust
GWAVA
 
PPT
Single sign on and its significance .ppt
DAKSHATAPANCHAL2
 
PPTX
SSO IN/With Drupal and Identitiy Management
Manish Harsh
 
PDF
OWASP Top 10 Proactive Control 2016 (C5-C10)
Narudom Roongsiriwong, CISSP
 
PDF
Implementation of Single Sign On (SSO) Technology Using SAML Standards At U...
irawan afrianto
 
PPT
Single sign on assistant an authentication brokers
Finalyear Projects
 
PPTX
Anonymous Individual Integration for IoT
Paul Fremantle
 
PPT
sso_on_new system with security is more concern
2022mt93375
 
PPTX
IoT mobile app device cloud identity and security architecture
Vinod Wilson
 
PDF
2022 APIsecure_Passwordless Multi-factor Authentication Security and Identity
APIsecure_ Official
 
PDF
implement authentication mechanisms
Alireza Ghahrood
 
PPTX
PAM System Introduction.pptx, technical proposal for Pam system
osamarbt
 
PDF
ForgeRock Platform Release - Summer 2016
ForgeRock
 
PDF
Two-factor Authentication
PortalGuard dba PistolStar, Inc.
 
PDF
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
Maxim Salnikov
 
PDF
Webinar: Talking to Devices - The Importance of a Comprehensive Internet of T...
WSO2
 
PPTX
Choosing the Best Business Intelligence Security Model for Your App
Logi Analytics
 
PPTX
Securing ap is oauth and fine grained access control
AaronLieberman5
 
PDF
Mobile Authentication - Moving Towards a Passwordless Future
ForgeRock Identity Tech Talks
 
Why you should use true single-sign-on in Icinga Web 2 - Icinga Camp Stockhol...
Icinga
 
Tdp ws trust
GWAVA
 
Single sign on and its significance .ppt
DAKSHATAPANCHAL2
 
SSO IN/With Drupal and Identitiy Management
Manish Harsh
 
OWASP Top 10 Proactive Control 2016 (C5-C10)
Narudom Roongsiriwong, CISSP
 
Implementation of Single Sign On (SSO) Technology Using SAML Standards At U...
irawan afrianto
 
Single sign on assistant an authentication brokers
Finalyear Projects
 
Anonymous Individual Integration for IoT
Paul Fremantle
 
sso_on_new system with security is more concern
2022mt93375
 
IoT mobile app device cloud identity and security architecture
Vinod Wilson
 
2022 APIsecure_Passwordless Multi-factor Authentication Security and Identity
APIsecure_ Official
 
implement authentication mechanisms
Alireza Ghahrood
 
PAM System Introduction.pptx, technical proposal for Pam system
osamarbt
 
ForgeRock Platform Release - Summer 2016
ForgeRock
 
Two-factor Authentication
PortalGuard dba PistolStar, Inc.
 
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
Maxim Salnikov
 
Webinar: Talking to Devices - The Importance of a Comprehensive Internet of T...
WSO2
 
Choosing the Best Business Intelligence Security Model for Your App
Logi Analytics
 
Securing ap is oauth and fine grained access control
AaronLieberman5
 
Mobile Authentication - Moving Towards a Passwordless Future
ForgeRock Identity Tech Talks
 

Recently uploaded (20)

PPTX
Presentation of Computer CLASS 2 .pptx
darshilchaudhary558
 
PDF
Convert Thunderbird to Outlook into bulk
preetidigitalberge
 
PDF
Micromaid: A simple Mermaid-like chart generator for Pharo
ESUG
 
PDF
Jenkins: An open-source automation server powering CI/CD Automation
SaikatBasu37
 
PDF
Teaching Reproducibility and Embracing Variability: From Floating-Point Exper...
University of Rennes, INSA Rennes, Inria/IRISA, CNRS
 
PDF
Become an Agentblazer Champion Challenge
Dele Amefo
 
PPTX
Odoo Consulting Services by CandidRoot Solutions
CandidRoot Solutions Private Limited
 
PDF
Become an Agentblazer Champion Challenge Kickoff
Dele Amefo
 
PPTX
Visualising Data with Scatterplots in IBM SPSS Statistics.pptx
Version 1 Analytics
 
PDF
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
PDF
IEEE-CS Tech Predictions, SWEBOK and Quantum Software: Towards Q-SWEBOK
Hironori Washizaki
 
PPTX
Materi_Pemrograman_Komputer-Looping.pptx
RanuFajar1
 
PPTX
AIRLINE PRICE API | FLIGHT API COST |
philipnathen82
 
PDF
Comprehensive Salesforce Implementation Services.pdf
VALiNTRY360
 
PPTX
Hire Expert Blazor Developers | Scalable Solutions by OnestopDA
OnestopDA
 
PDF
ShowUs: Pharo Stream Deck (ESUG 2025, Gdansk)
ESUG
 
PPTX
Save Business Costs with CRM Software for Insurance Agents
Insurance Tech Services
 
PDF
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
DOCX
The Future of Smart Factories Why Embedded Analytics Leads the Way
Varsha Nayak
 
PPTX
Materi-Enum-and-Record-Data-Type (1).pptx
RanuFajar1
 
Presentation of Computer CLASS 2 .pptx
darshilchaudhary558
 
Convert Thunderbird to Outlook into bulk
preetidigitalberge
 
Micromaid: A simple Mermaid-like chart generator for Pharo
ESUG
 
Jenkins: An open-source automation server powering CI/CD Automation
SaikatBasu37
 
Teaching Reproducibility and Embracing Variability: From Floating-Point Exper...
University of Rennes, INSA Rennes, Inria/IRISA, CNRS
 
Become an Agentblazer Champion Challenge
Dele Amefo
 
Odoo Consulting Services by CandidRoot Solutions
CandidRoot Solutions Private Limited
 
Become an Agentblazer Champion Challenge Kickoff
Dele Amefo
 
Visualising Data with Scatterplots in IBM SPSS Statistics.pptx
Version 1 Analytics
 
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
IEEE-CS Tech Predictions, SWEBOK and Quantum Software: Towards Q-SWEBOK
Hironori Washizaki
 
Materi_Pemrograman_Komputer-Looping.pptx
RanuFajar1
 
AIRLINE PRICE API | FLIGHT API COST |
philipnathen82
 
Comprehensive Salesforce Implementation Services.pdf
VALiNTRY360
 
Hire Expert Blazor Developers | Scalable Solutions by OnestopDA
OnestopDA
 
ShowUs: Pharo Stream Deck (ESUG 2025, Gdansk)
ESUG
 
Save Business Costs with CRM Software for Insurance Agents
Insurance Tech Services
 
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
The Future of Smart Factories Why Embedded Analytics Leads the Way
Varsha Nayak
 
Materi-Enum-and-Record-Data-Type (1).pptx
RanuFajar1
 

Single Sign On - The Basics

  • 1. Single Sign On – The Basics Ishan A B Ambanwela
  • 2. Contents ● What is SSO ● Not to be Confused with ● Pros & Cons ● SSO Approaches – By Configuration ● Types of SSO – Legacy SSO – Password Synchronization – Software Token Based Authentication ● Browser Session ● PC Login session – Mobile SSO ● Q&A
  • 3. What is SSO ● Single sign-on gives users the ability to access more than one protected resource (Web pages and applications) with one authentication.
  • 4. Not to be Confused with... ● Authentication vs Authorization ● Shared authentication schemes – Oauth – OpenID / OpenID Connect – Facebook Connect ● Single Sign Out
  • 5. Pros & Cons ● Reduced operational cost ● Reduced time to access data ● Improved user experience ● Ease burden on developers ● Centralized management of users ● Fine grained auditing ● Effective compliance ● Advanced security to systems – Smart cards, One time password tokens ● impractical in different levels of secure access ● increases the negative impact in case of credentials exposed ● makes the authentication systems highly critical ● Complex logics and pitfalls ● Should combined with strong authentication methods – Smart cards, One time password tokens
  • 6. SSO Approaches – By Configuration ● Smart card based ● Kerberos based ● SAML (Security Assertion Markup Language) ● Integrated Windows Authentication – An umbrella term for ● SPNEGO, Kerberos, and NTLMSSP
  • 7. Types of SSO ● Legacy SSO ● Password synchronization ● Software Token Based Authentication
  • 8. Legacy SSO ● aka - Enterprise or Employee SSO (eSSO) ● After primary authentication, it intercepts further login prompts and fills them for you ● Which is accomplished using – Script ● Which executes the real application with credentials – Background service ● Monitors for login prompts and pass credentials ● Products/Implementations – Citrix Password Manager, Imprivata eSSO appliance, PassLogix, Novell’s Secure Login
  • 9. Password Synchronization ● A process that coordinates passwords across multiple computers and devices and/or applications ● Each computer, device, application still authenticates but behind the scene ● Products/Implementations – MTech's P-Synch, Proginet's SecurPass, Systor's SAM Password Synchronization
  • 10. Software Token Based Authentication ● Allow users to enter their username and password in order to obtain a token ● Once their token has been obtained, the user can offer the token - which offers access to a specific resource for a time period - to the remote site instead of credentials ● Complex encryption with complex logic differentiates the implementations ● Usually associated with a session – Web SSO - Browser session – Other SSO - PC Log in session
  • 11. Web SSO ● Works for browser based applications ● Cookie support is required – Because token is kept in a cookie ● Usually single sign-on to applications deployed on a single web server (domain) ● Implementations – Jasig CAS
  • 12. PC Login session based SSO ● Works for all kinds of applications – Mail clients – Web applications ● Token is kept in user session ● Client application should implement this feature ● Implementations – Some Kerberos implementations – NTLM
  • 13. Mobile SSO ● Since Mobile Phone/Tab is a strictly personal device, SSO has not very significant role ● Can save all different passwords like in Legacy SSO ● As technology is getting complicated, SSO will be introduced in near future
  • 14. Q & A
  • 16. Thank you and Good luck :-)