SSO (Single Sign On/Off)

What is SSO and why use it? Different encryption algorithms, SSO techniques, and how CAS and OAuth work.

Published in: Technology, Education


  1. SSO: Single Sign On/Off. Russel Mahmud, hossain@newscred.com
  2. What is SSO? (diagram: drive.google.com, gmail.google.com and www.youtube.com all sign in through accounts.google.com)
  3. SSO Foundations: Identification, Authentication, Authorization, Access Control
  4. Why SSO? 1. Enhanced end-user experience 2. A single login form 3. Centralized auditing and reporting 4. Improved developer productivity 5. Multi-factor authentication support 6. Reduced IT costs, since fewer help-desk calls are about passwords
  5. Terminology: Cookies, HTTPS, Encryption, Authentication, Authorization
  6. HTTPS
  7. HTTPS (continued)
  8. Encryption 1. Encryption algorithms transform plaintext into ciphertext. 2. Two main types of encryption algorithm: symmetric encryption uses the same key for encryption and decryption; asymmetric encryption uses different keys for encryption and decryption. 3. Symmetric algorithms are much faster than asymmetric ones.
  9. RSA (asymmetric; used for both encryption and digital signatures)
  10. HMAC (a keyed message authentication code for integrity and authenticity; it does not encrypt)
  11. DSA (a digital signature algorithm; it signs, it does not encrypt)
  12. SSO Techniques 1. CAS 2. SAML 3. OpenID 4. OAuth
  13. How does CAS work? (diagram: the Web Application redirects the user to CAS; CAS authenticates the user against Kerberos (2.1) or LDAP (2.2); the application then validates the result with CAS (4.0))
  14. How does OAuth work?
  15. NewsCred Auth (MVP)
  16. Goals 1. Centralize the authentication process 2. Keep basic account data isolated 3. Allow users to stay logged in while browsing different apps
  17-23. NewsCred Auth Design (sequence between smartgallery.newscred.com and accounts.newscred.com): 1. Initial request to smartgallery.newscred.com 2. No local session: redirect to https://accounts.newscred.com/login/ 3.0 accounts.newscred.com serves the login form 3.1 Login verification against the Authentication CDB database 3.2 accounts.newscred.com sets cookies on the top domain and redirects to callback_url?token=encrypted_token 5.0 The user accesses the web application
  24. Client Application Flowchart: Local session? Yes: serve the private resource. No: auth cookies? No: send the user to the Authentication Server. Yes: verify the token (RSA, HMAC or DSA); no valid token: Authentication Server; valid token: create a local session and serve the private resource.
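The redirect on slides 21-23 (callback_url?token=...) and the "verify token, then create local session" branch of slide 24 are shown below as an added example; this is illustration code, not NewsCred's implementation and not from the slides. Of the three verification schemes listed on slide 24 (RSA, HMAC, DSA) it uses HMAC-SHA256 with a secret shared between accounts.newscred.com and the client application. The token layout, claim names (sub, aud, exp), the shared secret, the 60-second lifetime and all function names are assumptions.

```python
"""Added example: an HMAC-signed SSO token carried on the callback URL, and the
client-side verification step. Token format, claim names, secret and helper
names are assumptions for illustration; this is not NewsCred's code."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Secret shared by accounts.newscred.com and the client app (constructed for
# the example; a real deployment loads it from configuration, never source).
SHARED_SECRET = b"example-shared-secret-32-bytes-long!!"
TOKEN_TTL_SECONDS = 60  # short lifetime limits replay if the URL leaks


def _b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id: str, callback_url: str, now: Optional[float] = None) -> str:
    """accounts side (step 3.2): bind the token to the user, the consuming
    application's host and an expiry, then sign payload with HMAC-SHA256."""
    now = time.time() if now is None else now
    claims = {
        "sub": user_id,
        "aud": urlparse(callback_url).netloc,  # only this app may consume it
        "exp": int(now) + TOKEN_TTL_SECONDS,
    }
    payload = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
    sig = hmac.new(SHARED_SECRET, payload, hashlib.sha256).digest()
    return _b64u(payload) + "." + _b64u(sig)


def build_redirect(callback_url: str, token: str) -> str:
    """Location header value of the redirect: callback_url?token=<token>."""
    return callback_url + "?" + urlencode({"token": token})


def verify_token(token: str, expected_host: str, now: Optional[float] = None) -> Optional[dict]:
    """Client side ('Verify Token'): returns the claims, or None on any failure.
    The signature is checked first, in constant time, before claims are read."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = _b64u_decode(payload_b64)
        sig = _b64u_decode(sig_b64)
    except (ValueError, TypeError):
        return None  # malformed
    expected = hmac.new(SHARED_SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None  # tampered or forged
    claims = json.loads(payload)
    if claims.get("aud") != expected_host:
        return None  # minted for a different application
    if claims.get("exp", 0) <= now:
        return None  # expired
    return claims


def handle_callback(local_sessions: dict, redirect_url: str, now: Optional[float] = None) -> bool:
    """Slide-24 flow for the request arriving at callback_url: no local session
    yet, token present -> verify -> create local session. False means the app
    should send the user to the authentication server instead."""
    parsed = urlparse(redirect_url)
    token = parse_qs(parsed.query).get("token", [None])[0]
    if token is None:
        return False
    claims = verify_token(token, parsed.netloc, now)
    if claims is None:
        return False
    local_sessions[claims["sub"]] = {"host": parsed.netloc, "exp": claims["exp"]}
    return True


if __name__ == "__main__":
    cb = "https://smartgallery.newscred.com/auth/callback"
    sessions = {}
    print("valid token accepted:", handle_callback(sessions, build_redirect(cb, issue_token("user-42", cb))))
    # Tamper with the payload (swap the user id) and keep the original signature.
    p, s = issue_token("user-42", cb).split(".")
    forged = _b64u(_b64u_decode(p).replace(b"user-42", b"user-99")) + "." + s
    print("forged token rejected:", not handle_callback({}, build_redirect(cb, forged)))
```

Binding the token to the callback host (aud) stops a token minted for one NewsCred app from being replayed against another, and the short expiry bounds the window in which a leaked URL is useful. A token in a query string still ends up in proxy logs, browser history and Referer headers, so a production version would additionally mark each token single-use on the accounts side.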
  25. Challenges 1. Cross-domain auto-login 2. Checking the user's permissions for each domain 3. Updating and deleting account information 4. Cookie theft
  26. Web Services 1. Public APIs: callable from anywhere, no authentication 2. S2S (server-to-server) APIs: authenticated via API keys
  27. Questions?
