Presentation is loading. Please wait.

Presentation is loading. Please wait.

Single Sign-On -Mayuresh Pardeshi M.Tech CSE - I.

Published byAusten Harry Palmer Modified over 9 years ago

Similar presentations

Presentation on theme: "Single Sign-On -Mayuresh Pardeshi M.Tech CSE - I."— Presentation transcript:

1 Single Sign-On -Mayuresh Pardeshi M.Tech CSE - I

2 Contents:  Introduction  Working Structure  Features  Applications

3 3 Why do we need SSO ? Current Situation: Network users interact with multiple service providers.

4 SSO:  A mechanism that allows users to authenticate themselves only once, and then log into multiple service providers, without necessarily having to re-authenticate.  Authentication Service Provider (ASP).  Service providers are aware of the ASP:  establish explicit trust relations, policies, contracts and supporting security infrastructure (e.g. PKI).  ASP is either a trusted third party or part of the user system (requires tamper-resistant hardware, e.g. smartcard, TPM).

5 5 General SSO Protocol Typical Information Flow } Repeated as necessary

6 Types of SSO:  Password Synchronization SecurePassSAM, Pass Synch  Legacy SSO Novell’s Secure Login & Microsoft Windows Server  Web Access Management (WAM) RSA  Cross Domain SSO OpenSSO, CAS  Federated SSO Facebook Connect, Google

7 Novell SecureLogin

8 Oblix (Oracle)

9 SAML:  1.The service provider received the client request, and it sent the request to Identity provider to do the client authentication.  2.Identity provider authenticate the client, create the assertion, and pass it back to the service provider. SAML assertions can be add a SOAP Header blocks, and pass by the HTTP protocol

10 Request from the Service provider  Here, a sample SAML-compliant request is sent from a service provider requesting password authentication by the identity provider.

11 Response from the Identity provider  In response, the issuing authority asserts that the subject (S) was authenticated by means (M) at time (T).

12 Advantages  Reduced operational cost  Reduced time to access data  Improved user experience, no password lists to carry  Advanced security to systems  Strong authentication  One Time Password devices  Smartcards  Ease burden on developers  Centralized management of users, roles  Fine grained auditing  Effective compliance (SOX, HIPPA)

13 References: 1) “OWASP, SanAntonio SingleSignOn” 2006-08, Vijay Kumar, CISSP. 2) “Using EMV cards for Single Sign-On” 1 st European PKI Workshop Andreas Pashalidis and Chris J. Mitchell 3) www.cafesoft.com/support/security/glossary.html www.cafesoft.com/support/security/glossary.html 4) www.ibm.com/software/webservers/portal/library/v12/InfoCenter/wps/glossary.htm www.ibm.com/software/webservers/portal/library/v12/InfoCenter/wps/glossary.htm 5) www.suliscommunication.com/language/ecommerce/ebus3.htm www.suliscommunication.com/language/ecommerce/ebus3.htm 6) http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci340859,00.html 7) http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci340859,00.html 8) Microsoft.Net Passport Review Guide 9) Telling Humans and Computers Apart Automatically 10) XADM: How Secure Sockets Layer Works Microsoft.com

Download ppt "Single Sign-On -Mayuresh Pardeshi M.Tech CSE - I."

Similar presentations

Trusted 3 rd Party Authentication & Friends: SSO and IdM NWACC Security Workshop 2013 Portland.

Trusted 3 rd Party Authentication & Friends: SSO and IdM NWACC Security Workshop 2013 Portland.
Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal 1 1 2 2 4 4 3,6 5 5 7 7 8 8 9 9 1010 1010 DNS Hello User Sample (Gateway)

Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal , DNS Hello User Sample (Gateway)
Extending ForeFront beyond the limit www.AGATSolutions.com TMGUAG ISAIAG AG Security Suite.

Extending ForeFront beyond the limit TMGUAG ISAIAG AG Security Suite.
SINGLE SIGN-ON. Definition - SSO Single sign-on (SSO) is a session/user authentication process that permits a user to enter one name and password in order.

SINGLE SIGN-ON. Definition - SSO Single sign-on (SSO) is a session/user authentication process that permits a user to enter one name and password in order.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Www.mobilevce.com © 2004 Mobile VCE June 2004 Security – Requirements and approaches to securing future mobile services Malcolm K Payne BT.

© 2004 Mobile VCE June 2004 Security – Requirements and approaches to securing future mobile services Malcolm K Payne BT.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
T-110.5140 Network Application Frameworks and XML Service Federation 30.04.2007 Sasu Tarkoma.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
6/4/2015Page 1 Enterprise Service Bus (ESB) B. Ramamurthy.

6/4/2015Page 1 Enterprise Service Bus (ESB) B. Ramamurthy.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Access Control in IIS 6.0 Windows 2003 Server Prepared by- Shamima Rahman School of Science and Computer Engineering University of Houston - Clear Lake.

Access Control in IIS 6.0 Windows 2003 Server Prepared by- Shamima Rahman School of Science and Computer Engineering University of Houston - Clear Lake.
Authentication via campus single sign-on 2012 VIVO Implementation Fest.

Authentication via campus single sign-on 2012 VIVO Implementation Fest.
Web services security I

Web services security I
MCTS GUIDE TO MICROSOFT WINDOWS 7 Chapter 14 Remote Access.

MCTS GUIDE TO MICROSOFT WINDOWS 7 Chapter 14 Remote Access.
SIP Authorization Framework Use Cases Rifaat Shekh-Yusef, Jon Peterson IETF 91, SIPCore WG Honolulu, Hawaii, USA November 13, 2014 1.

SIP Authorization Framework Use Cases Rifaat Shekh-Yusef, Jon Peterson IETF 91, SIPCore WG Honolulu, Hawaii, USA November 13,

Similar presentations

Ads by Google