Single Sign On Glen Dorton 1/18/2019.


The Problem
- Users have to authenticate to multiple systems
- User name and password is the most common authentication scheme
- Users are required to remember multiple user names and passwords, one per system
- Why is this a problem?

Solution: Single Sign On
- Single sign on still employs user name and password as the most common method
- However, users only need to remember one user name and password to access all systems

Benefits
- One sign on grants access to all resources
- Users will be less likely to write down passwords and hide the paper under a keyboard
- Administration of user accounts and access control is vastly simplified
- Improved security through administration ease, better control of account management

Problems
- Subject to standard password attacks
- Once a password is compromised or an attacker can create an account, access to all resources allowed for that user is obtained
- Central point of failure

Implementations
- Scripting
- Kerberos
- Secure European System for Applications in a Multi-vendor Environment
- Diskless workstations
- Directory Services
- Microsoft .NET Passport

Microsoft .NET Passport
- Developed to provide a single sign on solution to web based applications
- Kids Passport Service

Microsoft .NET Passport Registration
- Stores credentials and personal information
- Email address is user id
- Human Interaction Protocol
- Email validation

Microsoft .NET Passport Authentication
- Uses an authentication ticket, the "ticket granting cookie"
- Subsequent sites may use the same authentication ticket based on its age
- Sign out of Passport is accomplished by deleting cookies, except if "sign me in automatically" is enabled

Problems with .NET Passport
- Key management
  - Uses 3DES; keys are generated randomly and must be distributed securely
- Persistent cookies
  - Allow user to be 'logged in' all the time
- Theft of cookies
- Coding vulnerabilities
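Added example (not from the original slides or from Microsoft's code): a simplified model of the ticket age rule from the Authentication slide and the persistent-cookie and cookie-theft problems above, showing how a site's accepted ticket age bounds how long a copied ticket stays usable. Assumptions: HMAC-SHA256 stands in for Passport's 3DES encryption, and the site names, keys, field names and both functions are hypothetical.

```python
import base64
import hashlib
import hmac
import json

# Constructed per-site keys: each participating site shares a securely
# distributed key with the sign-on service (assumption: HMAC, not 3DES).
SITE_KEYS = {"shop.example": b"constructed-key-A",
             "mail.example": b"constructed-key-B"}

def issue_ticket(user, site, now, persistent=False):
    """Sign-on service: build the ticket cookie value for one site."""
    body = json.dumps({"user": user, "site": site, "signed_in_at": now,
                       "persistent": persistent}, sort_keys=True).encode()
    tag = hmac.new(SITE_KEYS[site], body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode() + "." +
            base64.urlsafe_b64encode(tag).decode())

def check_ticket(cookie, site, now, max_age, allow_persistent=False):
    """Participating site: return the user id, or None if the ticket is refused."""
    try:
        body_b64, tag_b64 = cookie.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:
        return None  # malformed cookie
    expected = hmac.new(SITE_KEYS[site], body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # altered, or produced under another site's key
    ticket = json.loads(body)
    if ticket["site"] != site:
        return None
    # "Sign me in automatically" tickets outlive sign-out, so a sensitive
    # site can refuse them and force a fresh sign-in.
    if ticket["persistent"] and not allow_persistent:
        return None
    # The age rule: a copied ticket is only useful inside this window.
    age = now - ticket["signed_in_at"]
    if age < 0 or age > max_age:
        return None
    return ticket["user"]
```

A site that accepts day-old tickets gives a stolen cookie a day of use; a site that accepts only 15-minute-old tickets forces a fresh sign-in much sooner.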

Passport Attacks
- Phishing: attacker sets up a fake merchant site and redirects to a fake passport.com, where the user enters credentials
- Man in the middle: attacker intercepts the legitimate redirect to passport.com and redirects to his own fake passport.com
- DNS attacks: Passport relies on redirects to passport.com for authentication

Conclusion
- Becoming more prevalent with directory services
- Difficult to implement with systems that have proprietary authentication schemes
- Will be more practical in the future
