What is SSO
Single sign-on is a user/session authentication process that permits a user to enter one name and password in order to access multiple applications.
The process authenticates the user for all the applications they have been given rights to and eliminates further prompts when they switch applications during a particular session.
Definitions of Single Sign-On (SSO) on the Web:
Users sign onto a site only once and are given access to one or more applications in a single domain or across multiple domains. It is a mechanism to verify a user across multiple applications through a single authentication challenge. Web Sphere Portal Server uses Java Authentication and Authorization Services to achieve single sign-on.One log-on provides access to all resources of the network, LAN, or WAN.
It can be illustrated in two different scopes. One is in the client/server relationship and the other is in the e-commerce domain.
1. In Client / Server relationship
“In any client/server relationship, single sign-on is a session/user authentication process that permits a user to enter one name and password in order to access multiple applications.”
2. In E-commerce
“In e-commerce, the single sign-on (sometimes referred to as SSO) is designed to centralize consumer financial information on one server- not only for the consumer's convenience, but also to offer increased security by limiting the number of times the consumer enters credit card numbers or other sensitive information used in billing.”
How does it work?
Advantages of Single-sign on
1 Ease of going from application to application without logging off and on again
2 Protects your identity by use of a Universal Identification Number (UIN) rather than your Number
3 Faster access to your important information
4 Reduced operational cost
5 Reduced time to access data.
6 Improved user experience, no password lists to carry
7 Advanced security to systems
8 Strong authentication
· One Time Password devices
9 Ease’s burden on developers
10 Centralized management of users, roles
11 Fine grained auditing
12 Effective compliance (SOX, HIPPA)
13 Users select stronger passwords, since the need for multiple passwords and change synchronization is avoided.
14 Inactivity timeout and attempt thresholds are applied uniformly closer to user points of entry.
15 It improves the effectiveness/timeliness of disabling all network/computer accounts for terminated users.
16 It improves an administrator's ability to manage users and user configurations to all associated systems.
17 It reduces administrative overhead in resetting forgotten passwords over multiple platforms and applications.
18 It provides users with the convenience of having to remember only a single set of credentials.
19 This also improves security as users find it easier to remember their credentials and do not have to write them down, allowing for a more efficient user logon process.
20 It reduces the time taken by users to log into multiple applications and platforms.
1. Using only one SSO server can introduce a single point of network failure.
2. Few software solutions accommodate all major operating system environments; a mix of solutions must be tailored to the enterprise's IT architecture and strategic direction.
3. Substantial interface development and maintenance may be necessary, especially in the absence of industry-based standards.
4. The SSO server and other host security must be hardened since Weaknesses can now be exploited across the enterprise.
5. Most SSO-software packages include additional access control features for which purchaser is charged even if they are redundant of any existing controls.
Types of SSO
1 Password Synchronization
2 Legacy SSO (Employee/Enterprise SSO)
3 Web Access Management (WAM)
4 Cross Domain (realm) SSO
5 Federated SSO