1 / 13

Single Sign-On

Single Sign-On. - Mayuresh Pardeshi M.Tech CSE - I. Contents:. Introduction Working Structure Features Applications. Why do we need SSO ?. Current Situation: Network users interact with multiple service providers. SSO:.

Download Presentation

Single Sign-On

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.


Presentation Transcript

  1. Single Sign-On -MayureshPardeshi M.Tech CSE - I

  2. Contents: • Introduction • Working Structure • Features • Applications

  3. Why do we need SSO ? Current Situation: Network users interact with multiple service providers.

  4. SSO: • A mechanism that allows users to authenticate themselves only once, and then log into multiple service providers, without necessarily having to re-authenticate. • Authentication Service Provider (ASP). • Service providers are aware of the ASP: • establish explicit trust relations, policies, contracts and supporting security infrastructure (e.g. PKI). • ASP is either a trusted third party or part of the user system (requires tamper-resistant hardware, e.g. smartcard, TPM).

  5. General SSO Protocol Typical Information Flow } Repeated as necessary

  6. Types of SSO: • Password Synchronization SecurePassSAM, Pass Synch • Legacy SSO Novell’s Secure Login & Microsoft Windows Server • Web Access Management (WAM) RSA • Cross Domain SSO OpenSSO, CAS • Federated SSO Facebook Connect, Google

  7. Novell SecureLogin

  8. Oblix (Oracle)

  9. SAML: • 1.The service provider received the client request, and it sent the request to Identity provider to do the client authentication. • 2.Identity provider authenticate the client, create the assertion , and pass it back to the service provider. SAML assertions can be add a SOAP Header blocks, and pass by the HTTP protocol

  10. Request from the Service provider • Here, a sample SAML-compliant request is sent from a service provider requesting password authentication by the identity provider. <samlp: Request ...> <samlp: AttributeQuery> <saml: Subject> <saml: NameIdentifierSecurityDomain="sun. com" Name="rimap"/> </ saml: Subject> <saml: AttributeDesignatorAttributeName="Employee_ ID" AttributeNamespace="sun. com"> </ saml: AttributeDesignator> </ samlp: AttributeQuery> </ samlp: Request>

  11. Response from the Identity provider • In response, the issuing authority asserts that the subject (S) was authenticated by means (M) at time (T). <samlp: Response MajorVersion="1" MinorVersion="0" RequestID="" InResponseTo="123.45.678.90.12345678" StatusCode="/features/2002/05/Success"> <saml: Assertion MajorVersion="1" MinorVersion="0" AssertionID="123.45.678.90.12345678" Issuer="Sun Microsystems, Inc." IssueInstant="2002- 01- 14T10: 00: 23Z"> <saml: Conditions NotBefore="2002- 01- 14T10: 00: 30Z" NotAfter="2002- 01- 14T10: 15: 00Z" /> <saml: AuthenticationStatementAuthenticationMethod="Password" AuthenticationInstant="2001- 01- 14T10: 00: 20Z"> <saml: Subject> <saml: NameIdentifierSecurityDomain="sun. com" Name="rimap" /> </ saml: Subject> </ saml: AuthenticationStatement> </ saml: Assertion> </ samlp: Response>

  12. Advantages • Reduced operational cost • Reduced time to access data • Improved user experience, no password lists to carry • Advanced security to systems • Strong authentication • One Time Password devices • Smartcards • Ease burden on developers • Centralized management of users, roles • Fine grained auditing • Effective compliance (SOX, HIPPA)

  13. References: • “OWASP, SanAntonioSingleSignOn” 2006-08, Vijay Kumar, CISSP. • “Using EMV cards for Single Sign-On” 1st European PKI Workshop Andreas Pashalidis and Chris J. Mitchell • www.cafesoft.com/support/security/glossary.html • www.ibm.com/software/webservers/portal/library/v12/InfoCenter/wps/glossary.htm • www.suliscommunication.com/language/ecommerce/ebus3.htm • http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci340859,00.html • http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci340859,00.html • Microsoft .Net Passport Review Guide • Telling Humans and Computers Apart Automatically • XADM: How Secure Sockets Layer Works Microsoft.com

More Related