SSO (Single Sign On/Off)


What and Why is SSO? Different encryption algorithms, SSO Techniques, How does CAS and oAuth work?

SSO: Single Sign On/Off

Russel Mahmud

hossain@newscred.com

(Diagram: drive.google.com, gmail.google.com and www.youtube.com all share one login at accounts.google.com)

What is SSO?

SSO Foundations (diagram): Identification, Authentication, Authorization, Access Control, with SSO built on top of them

Why SSO?

1. End user experience enhanced
2. Single login form
3. Centralized auditing/reporting
4. Developer productivity improved
5. Multi-factor authentication support
6. Reduced IT costs due to a lower number of IT help desk calls

about passwords

Terminology: Cookies, Authentication, Authorization, HTTPS, Encryption

HTTPS

Encryption

1. Encryption algorithms transform plain text into cipher text.
2. Two main types of encryption algorithms:
   • Symmetric encryption: uses the same key for encryption and decryption
   • Asymmetric encryption: uses different keys for encryption and decryption
3. Symmetric algorithms are much faster than asymmetric ones.

Algorithms named on the slide: RSA, HMAC, DSA (RSA and DSA are asymmetric algorithms; HMAC is a keyed message-authentication code used for signing rather than an encryption algorithm, which is how the token flow below uses it)

SSO Techniques

1. CAS
2. SAML
3. OpenID
4. oAuth

How Does CAS work?

(Diagram, participants: Web Application, CAS, Kerberos, LDAP)

1.0 Initial request
2.0 Service ID authentication
2.1 Authentication (Kerberos)
2.2 Authentication (LDAP)
2.3 Sets TGT cookies
3.0 Service ticket transfer
4.0 Validate
5.0 Access web server

How Does oAuth work?

NewsCred Auth(MVP)

Goals

1. Centralize the authentication process
2. Keep basic account data isolated
3. Allow users to stay logged in while browsing different apps

NewsCred Auth Design

(Diagram, shown as a step-by-step build-up on the slides; participants: smartgallery.newscred.com, accounts.newscred.com, CDB database)

1. Initial request to smartgallery.newscred.com
2. No local session: redirect to https://accounts.newscred.com/login/
3.0 Login form authentication at accounts.newscred.com
3.1 Login verification against the CDB database
3.2 Sets cookies (top domain); redirect to callback_url?token=encrypted_token
4.0 Transfer token; the client application sets local cookies
5.0 Access web application

Client Application Flowchart

(Reconstructed from the diagram labels)

- Request for a private resource: is there a local session? Yes: serve the private resource.
- No local session: are auth cookies present? No: send the user to the Authentication Server.
- Auth cookies present: verify the token (signed with RSA, HMAC or DSA). Verification fails: Authentication Server. Verification succeeds: create a local session, then serve the private resource.
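The token transfer (steps 3.2 to 4.0 of the design) and the client flowchart above, as an added Python example; this is not the NewsCred code from these slides, and it also stands in for the HMAC entry on the Encryption slide. It assumes the auth server and each client app share an HMAC-SHA256 secret, that the transfer token carries the callback URL as its audience plus a short expiry, and that the client app sets its local session cookie with Secure, HttpOnly and SameSite. The hostnames, the `issue_token`/`verify_token`/`ClientApp` names and the shared secret are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional
from urllib.parse import urlencode

# Constructed for this example: in a real deployment the secret comes from
# configuration, not source, and each client app gets its own.
SHARED_SECRET = b"constructed-demo-secret-not-for-production"
AUTH_LOGIN_URL = "https://accounts.newscred.com/login/"
TOKEN_TTL = 60  # seconds; the transfer token is consumed once, right after login


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id: str, callback_url: str, now: Optional[int] = None) -> str:
    """Auth server side (step 3.2): signed, short-lived, audience-bound transfer token."""
    now = int(time.time()) if now is None else now
    payload = {
        "sub": user_id,
        "aud": callback_url,            # only this callback may accept the token
        "iat": now,
        "exp": now + TOKEN_TTL,
        "nonce": secrets.token_hex(8),  # makes every token unique
    }
    body = _b64url(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(SHARED_SECRET, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64url(sig)}"


def verify_token(token: str, expected_callback: str, now: Optional[int] = None) -> Optional[dict]:
    """Client side ('VerifyToken' in the flowchart): payload on success, None otherwise."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".", 1)
        expected = hmac.new(SHARED_SECRET, body.encode(), hashlib.sha256).digest()
        # Constant-time comparison: a plain == would leak where the MAC differs.
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        payload = json.loads(_b64url_decode(body))
        if payload["aud"] != expected_callback:
            return None             # minted for another app's callback
        if not payload["iat"] <= now < payload["exp"]:
            return None             # expired (or issued in the future)
    except (ValueError, KeyError, TypeError):
        return None                 # malformed token
    return payload


class ClientApp:
    """One of the apps (e.g. smartgallery.newscred.com) behind the central login."""

    def __init__(self, host: str) -> None:
        self.callback_url = f"https://{host}/auth/callback"
        self.sessions: dict = {}    # session id -> user id: the 'LocalSession'

    def handle_private_request(self, cookies: dict, query: dict, now: Optional[int] = None) -> dict:
        sid = cookies.get("sessionid")
        if sid is not None and sid in self.sessions:
            return {"status": 200, "user": self.sessions[sid]}   # local session: serve
        login_redirect = {
            "status": 302,
            "location": AUTH_LOGIN_URL + "?" + urlencode({"callback_url": self.callback_url}),
        }
        token = query.get("token")
        if token is None:
            return login_redirect   # step 2: no session, send the user to accounts.*
        payload = verify_token(token, self.callback_url, now)
        if payload is None:
            return login_redirect   # bad or stale token: back to the auth server
        # Step 4.0: token accepted, create the local session and set the local cookie.
        # HttpOnly keeps scripts from reading it, Secure keeps it off plain HTTP,
        # SameSite=Lax limits cross-site sending: all aimed at the 'cookies theft' challenge.
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = payload["sub"]
        cookie = f"sessionid={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"
        return {"status": 200, "user": payload["sub"], "set_cookie": cookie}
```

Binding the token to the callback URL and to a short lifetime means a token captured from one app's redirect cannot be replayed against another app or at a later time, and the client never has to trust the `token` query parameter on its own: it is only as good as the signature check.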

Challenges

1. Cross-domain auto-login issue
2. Checking user permission for each domain
3. Updating and deleting account information
4. Cookie theft

Web Services

1. Public APIs: reachable from anywhere, no authentication
2. S2S APIs: authenticated via API keys
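The public-versus-S2S split above, as an added Python example that is not NewsCred's code. It assumes an API key is handed out as `key_id.secret`, that the service stores only a SHA-256 hash of the secret (adequate because the secret is a long random value, not a user-chosen password), and that the route names, header name and the `ApiGateway` class are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed route tables: public routes need no credential, S2S routes do.
PUBLIC_ROUTES = {"/api/public/articles"}
S2S_ROUTES = {"/api/s2s/accounts"}


def hash_key(secret: str) -> str:
    """Store only a hash; a leaked key table then does not leak usable keys."""
    return hashlib.sha256(secret.encode()).hexdigest()


class ApiGateway:
    def __init__(self) -> None:
        self._keys: dict = {}   # key_id -> (sha256 hex of secret, client name)

    def register(self, client_name: str):
        """Issue a key for a server-side client; the secret is shown exactly once."""
        key_id = secrets.token_hex(8)
        secret = secrets.token_urlsafe(32)
        self._keys[key_id] = (hash_key(secret), client_name)
        return key_id, secret

    def authenticate(self, headers: dict):
        """Return the client name for a valid X-Api-Key header, else None."""
        key_id, _, secret = headers.get("X-Api-Key", "").partition(".")
        entry = self._keys.get(key_id)
        if entry is None:
            return None
        stored_hash, client_name = entry
        # Constant-time compare on the hashes, so timing does not reveal matches.
        if not hmac.compare_digest(stored_hash, hash_key(secret)):
            return None
        return client_name

    def dispatch(self, path: str, headers: dict):
        """(status, principal): anonymous for public routes, key owner for S2S."""
        if path in PUBLIC_ROUTES:
            return 200, "anonymous"
        if path in S2S_ROUTES:
            client = self.authenticate(headers)
            return (200, client) if client is not None else (401, None)
        return 404, None
```

Looking the key up by its id before hashing keeps the check cheap and lets each client be revoked individually, which is the operational difference between a shared API key and one key per calling service.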

Questions ?
