- SSO is a session and user authentication service
- single sign-on: a single sign-in action grants access to multiple software systems.
- single sign-off: a single sign-out action terminates access to multiple software systems.
- Credential-vault style SSO stores the credentials used for the initial authentication and translates them into whatever credentials each target system requires. Federated SSO (e.g. SAML) avoids holding passwords for every system: the user authenticates only to the identity provider, which hands each service a signed assertion; the service never sees the password.
- The trade-off is blast radius: an attacker who cracks or phishes the one password, or steals the SSO session cookie, gets access to every SP the user is entitled to once signed in. MFA at the identity provider and short session lifetimes matter more under SSO, not less.
- examples of protocols used: Kerberos, SAML
SAML workflow
- Three main roles:
- User (the principal, in practice a browser)
- Identity Provider (IdP): authenticates the user and issues signed assertions; sits between the user and the SP
- Service Provider (SP): the application the user wants to reach (ex: Facebook, Twitter etc.)
- In the SP-initiated flow the SP builds a SAML AuthnRequest and redirects the browser to the IdP; after authenticating the user, the IdP returns a SAML Response containing a signed Assertion, which the browser posts to the SP's AssertionConsumerService URL. IdP-initiated flows, where the IdP sends an unsolicited Response, also exist.
- The SP must verify the Assertion signature against the IdP certificate it already trusts, check Issuer, Audience and the NotBefore/NotOnOrAfter window, match InResponseTo to a request it actually sent, and accept each assertion only once; skipping any of these lets a forged or replayed assertion log an attacker in.
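The SP-initiated exchange above as an added, runnable example in Go. It is not part of the original page and not the Spring Security SAML code the page links to. It assumes simplified message shapes (no XML namespaces, and a detached Ed25519 signature over the marshalled Assertion stands in for XML-DSig); the entity IDs and the subject "alice" are constructed. The IdP side mints the Response; the SP side performs the checks the text calls for: signature, Issuer/Audience, NotOnOrAfter and a one-time InResponseTo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/xml"
	"fmt"
	"time"
)

// Simplified SAML 2.0 shapes (assumed: no namespaces, no XML-DSig; Signature is Ed25519 over xml.Marshal(Assertion)).
type AuthnRequest struct {
	ID     string `xml:"ID,attr"`
	Issuer string `xml:"Issuer"`
}
type Conditions struct {
	NotOnOrAfter time.Time `xml:"NotOnOrAfter,attr"`
	Audience     string    `xml:"AudienceRestriction>Audience"`
}
type Assertion struct {
	InResponseTo string     `xml:"InResponseTo,attr"` // real SAML: SubjectConfirmationData/@InResponseTo
	Issuer       string     `xml:"Issuer"`
	Subject      string     `xml:"Subject>NameID"`
	Conditions   Conditions `xml:"Conditions"`
}
type Response struct {
	Assertion Assertion `xml:"Assertion"`
	Signature string    `xml:"Signature"`
}

func newID() string {
	b := make([]byte, 16)
	rand.Read(b) // crypto/rand fills b fully; it does not return an error on supported platforms
	return fmt.Sprintf("_%x", b)
}

// IdP holds the private key, so only it can mint assertions the SP will accept.
type IdP struct {
	EntityID string
	Key      ed25519.PrivateKey
}

func (idp *IdP) Issue(req AuthnRequest, subject string, now time.Time) []byte {
	a := Assertion{InResponseTo: req.ID, Issuer: idp.EntityID, Subject: subject,
		Conditions: Conditions{NotOnOrAfter: now.UTC().Add(5 * time.Minute), Audience: req.Issuer}}
	payload, _ := xml.Marshal(a) // marshalling these fixed structs cannot fail
	sig := ed25519.Sign(idp.Key, payload)
	raw, _ := xml.Marshal(Response{Assertion: a, Signature: base64.StdEncoding.EncodeToString(sig)})
	return raw
}

// SP knows the IdP's entity ID and public key and remembers the AuthnRequest IDs it issued.
type SP struct {
	EntityID, IdPID string
	IdPKey          ed25519.PublicKey
	pending         map[string]bool
}

func (sp *SP) NewAuthnRequest() AuthnRequest {
	if sp.pending == nil {
		sp.pending = map[string]bool{}
	}
	req := AuthnRequest{ID: newID(), Issuer: sp.EntityID}
	sp.pending[req.ID] = true
	return req
}

// Consume checks signature, issuer, audience, expiry and InResponseTo before trusting the subject; each ID is accepted once.
func (sp *SP) Consume(raw []byte, now time.Time) (string, error) {
	var resp Response
	if err := xml.Unmarshal(raw, &resp); err != nil {
		return "", err
	}
	sig, _ := base64.StdEncoding.DecodeString(resp.Signature) // garbage simply fails verification
	payload, _ := xml.Marshal(resp.Assertion)                 // verify over exactly the fields we parsed
	a := resp.Assertion
	switch {
	case !ed25519.Verify(sp.IdPKey, payload, sig):
		return "", fmt.Errorf("assertion signature invalid")
	case a.Issuer != sp.IdPID || a.Conditions.Audience != sp.EntityID:
		return "", fmt.Errorf("assertion not from our IdP or not addressed to this SP")
	case !now.Before(a.Conditions.NotOnOrAfter):
		return "", fmt.Errorf("assertion expired")
	case !sp.pending[a.InResponseTo]:
		return "", fmt.Errorf("unsolicited or replayed assertion")
	}
	delete(sp.pending, a.InResponseTo)
	return a.Subject, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	idp := &IdP{EntityID: "https://idp.example/saml", Key: priv} // constructed entity IDs
	sp := &SP{EntityID: "https://app.example/saml", IdPID: idp.EntityID, IdPKey: pub}
	raw := idp.Issue(sp.NewAuthnRequest(), "alice", time.Now()) // SP -> IdP request, IdP -> SP signed Response
	fmt.Println(sp.Consume(raw, time.Now()))                     // alice <nil>
	fmt.Println(sp.Consume(raw, time.Now()))                     // replay is rejected
}
```

Consume verifies the signature over the bytes it re-marshals from the parsed struct, so nothing the parser ignored can influence the decision. Real XML-DSig verification has to defend against the opposite situation, XML signature wrapping, where the signed subtree and the subtree the application reads are not the same element; that is why production SAML libraries, not hand-rolled checks, should do this job.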
Kerberos workflow
Refer to the Spring Security SAML quick-start example:
http://docs.spring.io/spring-security-saml/docs/current/reference/html/chapter-quick-start.html

