WEB SINGLE SIGN ON SYSTEM
Prepared by: Jyoti Belsare
Guided by: Mr. Aditya Sinha
Outline
- Introduction of SSO
- Need of SSO
- Simple SSO process
- Types of SSO
- Architecture of web SSO system
- Kerberos-Based Authentication
- How it works
- Conclusion
- References
Introduction of SSO
- Single sign-on (SSO) is a user/session authentication process that lets a user enter one name and password in order to access multiple applications.
- The process authenticates the user for all the applications they have been granted rights to, and eliminates further prompts when they switch applications during a particular session.
Need of SSO
- Removes the need for a user to remember a separate password for each security domain
- Increases productivity while reducing cost and frustration
- Eliminates the need for a user identity to exist in each web application
Simple SSO process
Types of SSO
There are three main types:
- Web Single Sign On
- Legacy Single Sign On
- Federated Single Sign On
Architecture of web SSO system
- Single Sign-On With Multiple Sets of Credentials
  - Secure Client-side Credential Caching
  - Secure Server-side Credential Caching
- Single Sign-On With a Single Set of Credentials
  - PKI-based Single Sign-On
  - Token-based Single Sign-On
Kerberos-Based Authentication
- Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications using secret-key cryptography.
- It can also encrypt all of the communications to ensure user privacy and data integrity as a security feature.
How it works
- Kerberos V5 is a token-based authentication scheme that relies on a trusted third party.
- The end user and the service trust a common authentication server, the Kerberos Key Distribution Centre (KDC).
- The KDC shares a secret key with the user and a separate secret key with the service.
- Each principal's secret key is stored encrypted in the KDC's local database; it is used to prove that principal's identity and to establish encrypted sessions between the KDC and the principals.
Continued
(Figure: key exchange scenario of Kerberos)
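The exchange on the two slides above, as an added Python model that is not part of the original presentation: a KDC holding each principal's secret key issues a ticket sealed under the service's key together with a reply sealed under the client's key, and the service accepts the client only if the ticket opens under its own key, has not expired, and is accompanied by an authenticator under the session key. The AS and TGS exchanges are collapsed into one step, the seal/unseal routines are a toy HMAC-based construction standing in for Kerberos' real encryption types, and the realm (alice, web, mail) and keys are constructed.

```python
import hashlib, hmac, json, os, time
def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode as a toy keystream (demo only, not a real Kerberos enctype)
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, data):
    # encrypt-then-MAC under a shared secret key: nonce || ciphertext || tag
    plain, nonce = json.dumps(data).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plain, _stream(key, nonce, len(plain))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("tampered, or sealed under a different key")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

class KDC:
    def __init__(self, keys):
        self.keys = keys  # principal name -> long-term secret key (the KDC's local database)
    def issue_ticket(self, client, service, lifetime=300):
        # AS and TGS exchanges collapsed into one: ticket sealed for the service, reply sealed for the client
        skey = os.urandom(32).hex()  # fresh session key shared by client and service
        ticket = seal(self.keys[service], {"client": client, "skey": skey, "expires": time.time() + lifetime})
        return seal(self.keys[client], {"service": service, "skey": skey, "ticket": ticket.hex()})

def client_request(kdc, client, service, client_key, lifetime=300):
    reply = unseal(client_key, kdc.issue_ticket(client, service, lifetime))  # only the real client can open it
    authenticator = seal(bytes.fromhex(reply["skey"]), {"client": client, "ts": time.time()})  # proves session key
    return bytes.fromhex(reply["ticket"]), authenticator

def service_verify(service_key, ticket, authenticator, skew=60):
    t = unseal(service_key, ticket)  # rejects tickets issued for another service
    if t["expires"] < time.time(): raise ValueError("ticket expired")
    a = unseal(bytes.fromhex(t["skey"]), authenticator)
    if a["client"] != t["client"] or abs(a["ts"] - time.time()) > skew:
        raise ValueError("authenticator does not match ticket")
    return t["client"]

def demo():
    keys = {"alice": os.urandom(32), "web": os.urandom(32), "mail": os.urandom(32)}  # constructed sample realm
    kdc = KDC(keys)
    ticket, auth = client_request(kdc, "alice", "web", keys["alice"])
    def fails(fn):
        try: fn(); return False
        except ValueError: return True
    return {"valid": service_verify(keys["web"], ticket, auth),
            "wrong_service": fails(lambda: service_verify(keys["mail"], ticket, auth)),
            "expired": fails(lambda: service_verify(keys["web"], *client_request(kdc, "alice", "web", keys["alice"], -1)))}
```

`demo()` returns `{"valid": "alice", "wrong_service": True, "expired": True}`: the same ticket is useless at the mail service, and a ticket past its lifetime is refused even though it was genuinely issued by the KDC.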
Logout
- A user only needs to click the sign-out button; all cookies set by participating sites during the browser session are then deleted.
- These cookies also expire after a certain period of time.
Technology Requirements
- HTTP communication between the client and server
- The implementation of safe redirection
- The use of Secure Sockets Layer (SSL) and secure cookies
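The "safe redirection" and "secure cookie" requirements above, as an added Python example that is not taken from the presentation: a redirect-target check that only sends the browser back to an allowlisted relying-party host over HTTPS (or to a relative path on the SSO host), and a Set-Cookie builder that marks the session cookie Secure, HttpOnly and SameSite and gives it the timed expiry the Logout slide describes. ALLOWED_HOSTS and the cookie values are constructed.

```python
from urllib.parse import urlsplit
from http.cookies import SimpleCookie

# Constructed example values: relying-party hosts that may receive a post-login redirect
ALLOWED_HOSTS = {"app.example.org", "mail.example.org"}

def safe_redirect_target(return_url, fallback="/"):
    """Return return_url only if it stays on the SSO host or an allowed host over HTTPS.

    Covers the usual open-redirect shapes: scheme-relative '//host', backslashes
    that browsers treat as slashes, userinfo tricks ('https://good@evil'), and
    non-https schemes such as http: or javascript:.
    """
    if not return_url:
        return fallback
    candidate = return_url.replace("\\", "/")
    parts = urlsplit(candidate)
    if not parts.scheme and not parts.netloc:
        # relative path on the SSO host itself: must start with exactly one '/'
        ok = candidate.startswith("/") and not candidate.startswith("//")
        return candidate if ok else fallback
    if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
        return fallback
    return candidate

def session_cookie_header(name, value, max_age):
    """Build the Set-Cookie header value for an SSO session cookie."""
    c = SimpleCookie()
    c[name] = value
    c[name]["secure"] = True      # only sent over TLS
    c[name]["httponly"] = True    # not readable from page script
    c[name]["samesite"] = "Lax"   # not attached to cross-site POSTs
    c[name]["path"] = "/"
    c[name]["max-age"] = max_age  # browser discards it after this many seconds
    return c[name].OutputString()
```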
Benefits of SSO
- No need to manage large numbers of passwords.
- Reduced exposure to the risks of data loss.
- Users already trust the identity provider.
- A simpler sign-up and login process.
Drawbacks of SSO
- Single point of failure
- Single high-value target
- Lack of control over your user list
- Complexity
- Private information disclosure between the trusting site and the SSO authority
Conclusion
- Implementing a web SSO system with a comprehensive security solution is a complex problem. Since no universal single sign-on standard exists, the method used to implement SSO varies with the requirements.
Future Development
- To meet different levels of requirements, this solution could be upgraded and extended to incorporate support for various authentication mechanisms and interface modes.
References
[1] M. E. Kabay, Identification, Authentication and Authorization on the World Wide Web, Oct 16, 2002. http://www.secinf.net/websecurity/WWW_Security/Identification_Authentication_and_Authorization_on_the_World_Wide_Web.html
[2] The Open Group, Introduction to Single Sign-On, 20 May 1998. http://www.opengroup.org/security/sso/sso_intro.htm
[3] Laura Taylor, Understanding Single Sign-On, 28 May 2002. http://www.intranetjournal.com/articles/200205/se_05_28_02a.html
[4] Sun, Sun Java System Access Manager Technical Overview: Federation Management, 2005. http://docs.sun.com/source/817-7643/5_federation.html
THANK YOU
