Implementation of Single Sign On (SSO)
Technology Using SAML Standards
At UNIKOM Information Systems
International Conference on Interdisciplinary Academic
Research And Innovation (IARI-2016)
November 23-24, 2016
Taryana Suryana, Irawan Afrianto, Andri Heryandi
Teknik Informatika – Fakultas Teknik dan Ilmu Komputer
Universitas Komputer Indonesia
Backgrounds
• Many applications that require login
• Many accounts to remember
• Different usernames and passwords
• Admin creates many users and passwords
• Complicated password management
[Diagram: UNIKOM's Information Systems. Users: Lecturer, Student, Admin. Systems: Thrusty Online Value (NilaiOnline), E-Learning, Autodebet, Social Media, Campus Asset Management, Evaluation of Lecture, Finance, Academic scholarship]
Definitions
• Single Sign On (SSO)
Single sign-on (SSO) is a session and user authentication service
that permits a user to use one set of login credentials (e.g., name
and password) to access multiple applications.
The service authenticates the end user for all the applications the
user has been given rights to and eliminates further prompts when
the user switches applications during the same session.
On the back end, SSO is helpful for logging user activities as well as
monitoring user accounts.
(http://searchsecurity.techtarget.com/definition/single-sign-on)
Definitions
• Security Assertion Markup Language
(SAML)
SAML is an XML standard that facilitates the exchange of user
authentication and authorization data across secure domains.
SAML-based SSO services involve communications between the
user, an identity provider that maintains a user directory, and a
service provider. When a user attempts to access an application
from the service provider, the service provider will send a request to
the identity provider for authentication. The service provider will then
verify the authentication and log the user in. The user will not have
to log in again for the rest of his session.
(http://searchsecurity.techtarget.com/definition/single-sign-on)
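The step where "the service provider will then verify the authentication", as an added example in Python (not code from the presentation or from UNIKOM's system): the checks a service provider applies to a SAML 2.0 response before creating a session. It assumes the XML signature has already been verified by a SAML library; the entity IDs, URLs, user name and sample response are constructed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
# Hypothetical SP configuration (constructed values, not UNIKOM's).
SP_ENTITY_ID = "https://sp.example.edu/metadata"
SP_ACS_URL = "https://sp.example.edu/acs"
IDP_ENTITY_ID = "https://idp.example.edu/metadata"
SKEW = timedelta(seconds=60)  # tolerated clock drift between IdP and SP

def _ts(value):  # SAML instants are UTC, e.g. 2016-11-23T10:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(xml_text, request_id, now, seen_ids):
    """Return (name_id, None) if accepted, else (None, reason).
    Assumes the IdP's XML signature was verified beforehand by a SAML library."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return None, "DTD rejected"  # no entity expansion / XXE
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None, "malformed XML"
    if root.tag != "{%s}Response" % NS["samlp"]:
        return None, "not a Response"
    if root.get("Destination") != SP_ACS_URL:
        return None, "wrong Destination"
    if root.get("InResponseTo") != request_id:
        return None, "InResponseTo mismatch"  # not an answer to our request
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        return None, "IdP status not Success"
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return None, "expected exactly one Assertion"
    a = assertions[0]
    if (a.findtext("saml:Issuer", "", NS) or "").strip() != IDP_ENTITY_ID:
        return None, "untrusted Issuer"
    cond = a.find("saml:Conditions", NS)
    try:
        not_before = _ts(cond.get("NotBefore"))
        not_after = _ts(cond.get("NotOnOrAfter"))
    except (AttributeError, TypeError, ValueError):
        return None, "missing or invalid Conditions"
    if now + SKEW < not_before or now - SKEW >= not_after:
        return None, "outside validity window"
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        return None, "issued for another audience"
    if not a.get("ID") or a.get("ID") in seen_ids:
        return None, "missing or replayed assertion ID"
    name_id = (a.findtext("saml:Subject/saml:NameID", "", NS) or "").strip()
    if not name_id:
        return None, "missing NameID"
    seen_ids.add(a.get("ID"))  # a real store keeps this until NotOnOrAfter
    return name_id, None

def sample_response(audience=SP_ENTITY_ID, in_response_to="_req1"):
    # Constructed response for the demo; a real one carries the IdP's signature.
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
  ID="_r1" Version="2.0" Destination="{SP_ACS_URL}" InResponseTo="{in_response_to}">
 <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
 <saml:Assertion ID="_a1" Version="2.0">
  <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
  <saml:Subject><saml:NameID>lecturer01@example.edu</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2016-11-23T09:59:00Z" NotOnOrAfter="2016-11-23T10:05:00Z">
   <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
 </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    now, seen = datetime(2016, 11, 23, 10, 0, tzinfo=timezone.utc), set()
    for _ in range(2):  # the second call replays the same assertion
        print(check_response(sample_response(), "_req1", now, seen))
```

Requiring exactly one assertion and an audience match keeps an assertion issued for one application from being accepted by another that trusts the same identity provider.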
Definitions
• Google Apps For Education (GAFE)
Google Apps for Education core services are the heart of Google's
educational offering to schools. The core services are Gmail (including
Inbox by Gmail), Calendar, Classroom, Contacts, Drive, Docs, Forms,
Groups, Sheets, Sites, Slides, Talk/Hangouts and Vault.
SSO is available for G Suite Basic, G Suite Business, and G Suite for
Education. It enables users to access all of their enterprise cloud
applications—including administrators signing in to the Admin console—by
signing in one time for all services.
GAFE also provides a Security Assertion Markup Language (SAML)-based
SSO API that you can use to integrate into your Lightweight Directory
Access Protocol (LDAP), or other SSO system. LDAP is a networking
protocol for querying and modifying directory services running over TCP/IP.
(https://support.google.com/a/answer/60224?hl=en)
Analysis and Design System
System Architecture Of Unikom SSO
Analysis and Design System
Unikom Password - Single Sign On Backbone Unikom
Client data transfer is encrypted with SSL/TLS over the HTTPS protocol.
Sensitive data such as the username and password should receive a second layer of
encryption (Second Layer Encryption) using the ASecure Library (developed by Digital Center
using the RSA algorithm), with a public and private key that are different for each session
(minimum 1024 bits). The key for sending data is generated on the server (PHP); the key for
receiving data is generated in the browser (JavaScript).
The connection between the client apps (Score online, Trusts, Online Lecture, etc.) and the
Digital Passport uses the Digital Passport Protocol and is always encrypted with OpenSSL.
Each client has a different public key, and access permissions that vary according to its
needs.
Web-based client apps must include the Digital Passport Dashboard in their HTML/PHP files so
that users can skip and perform activities related to the account.
Client apps need not (and should not) create their own login/registration forms or user
management. A client app can determine the status of a user accessing a web page directly by
communicating over the Digital Passport Protocol (or by using the Digital Passport API for PHP).
Implementations
http://account.unikom.ac.id
Implementations
http://eis.unikom.ac.id
Results
• Users (lecturers and students) can access the Unikom Information System more conveniently
• Administrators can manage users and passwords more easily
• Transactions are more secure
Further Research
• Although single sign-on is a convenience to users, it presents risks to
enterprise security. An attacker who gains control over a user's SSO
credentials will be granted access to every application the user has
rights to, increasing the amount of potential damage. In order to
avoid malicious access, it's essential that every aspect of SSO
implementation be coupled with identity governance. Organizations
can also use two factor authentication (2FA) or multifactor
authentication (MFA) with SSO to improve security.
Terima Kasih - Thank You - Hatur Nuhun
