SlideShare a Scribd company logo

Web Single sign on system

Swati Sinha
Swati Sinha

Outline : Introduction of SSO Need of SSO Simple SSO process Types of SSO Architecture of web SSO system Kerberos-Based Authentication How it works? Conclusion References

Engineering
1 of 18
Prepared by, Jyoti Belsare Guided by, Mr. Aditya Sinha WEB SINGLE SIGN ON SYSTEM
Outline  Introduction of SSO  Need of SSO  Simple SSO process  Types of SSO  Architecture of web SSO system  Kerberos-Based Authentication  How it works?  Conclusion  References
Introduction of SSO  Single sign-on is a user/session authentication process that permits a user to enter one name and password in order to access multiple applications.  The process authenticates the user for all the applications they have been given rights to and eliminates further prompts when they switch applications during a particular session.
Need of SSO  Removes the need for a user to constantly remember the password for each security domain  Increases productivity while reducing cost and frustration  Eliminates the need for a user identity to exist in each web application
Simple SSO process
Types of SSO There are main three types:  Web Single Sign On  Legacy Single Sign On  Federated Single Sign On
Architecture of web SSO system  Single Sign-On With Multiple Sets of Credentials  Secure Client-side Credential Caching  Secure Server-side Credential Caching  Single Sign-On With Single Set of Credentials  PKI-based Single Sign-On  Token-based Single Sign-On
Kerberos-Based Authentication  Kerberos is a network authentication protocol, designed to provide strong authentication for client/server applications, using secret key cryptography mechanism.  It can also encrypt all of the communications to ensure the user privacy and the data integrity as a security feature.
How it works..  Kerberos V5 is a token-based authentication scheme through a trusted third party.  The end user and the service trust a common authentication server which is called the Kerberos Key Distribution Centre (KDC).  The KDC shares the secret keys with both of the user and service.  These secret keys from each principal are encrypted in a local database of the KDC, used to prove the principals’ identities and to establish the encrypted sessions between the KDC and the principals.
Continue.. key exchange scenario of Kerberos
Logout  A user only need to click the sign out logo, then, all the cookies from participating sites during browser session will be deleted.  These cookies also will expire after a certain period of time.
Technology Requirement  The HTTP communication between the client and server  The implementation of safe redirection  The use of secure sockets layer and secure cookie.
Benefits Of SSO  No need to manage large numbers of passwords.  Reduced exposure to the risks of data loss. Users already trust the identity provider.  A simpler sign-up and login process.
Drawbacks of SSO  Single point of failure  Single high-value target  Lack of control over your user list  Complexity  Private information disclosure between trusting site and SSO authority
Conclusion  Implementing web SSO system with a comprehensive security solution is a complex problem. Since there is no universal single sign-on standard exists, the method used to implement SSO varies with the requirements.
Future Development  To meet different levels of requirements, this solution could be upgraded and extended to incorporate support for various authentication mechanisms and interface modes.
References  [1] M. E. Kabay, “Identification, Authentication and Authorization on the World Wide Web”, Oct 16, 2002 http://www.secinf.net/websecurity/WWW_Security/Identification_Authen tication_and_Authorization_on_the_World_Wide_Web.html  [2] The Open Group, “Introduction to Single Sign-On”, 20 May, 1998 http://www.opengroup.org/security/sso/sso_intro.htm  [3] Laura Taylor, “Understanding Single Sign-On”, 28 May, 2002 http://www.intranetjournal.com/articles/200205/se_05_28_0 2a.html  [4] Sun, “Sun Java System Access Manager Technical Overview – Federation Management”, 2005 http://docs.sun.com/source/817-7643/5_federation.html
THANK YOU

Recommended

Single sign on - SSO
Single sign on - SSOSingle sign on - SSO
Single sign on - SSO
Ajit Dadresa
 
SINGLE SIGN-ON
SINGLE SIGN-ONSINGLE SIGN-ON
SINGLE SIGN-ONShambhavi Sahay
 
Single Sign On - The Basics
Single Sign On - The BasicsSingle Sign On - The Basics
Single Sign On - The Basics
Ishan A B Ambanwela
 
Single sign on
Single sign onSingle sign on
Single sign on
guest64ab8e
 
SSO introduction
SSO introductionSSO introduction
SSO introduction
Aidy Tificate
 
SSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsSSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsJohn Bauer
 
Single Sign On Considerations
Single Sign On ConsiderationsSingle Sign On Considerations
Single Sign On Considerations
Venkat Gattamaneni
 
Enterprise single sign on
Enterprise single sign onEnterprise single sign on
Enterprise single sign on
Archit Sharma
 

Recommended

Single sign on - SSO
Single sign on - SSOSingle sign on - SSO
Single sign on - SSO
Ajit Dadresa
 
SINGLE SIGN-ON
SINGLE SIGN-ONSINGLE SIGN-ON
SINGLE SIGN-ONShambhavi Sahay
 
Single Sign On - The Basics
Single Sign On - The BasicsSingle Sign On - The Basics
Single Sign On - The Basics
Ishan A B Ambanwela
 
Single sign on
Single sign onSingle sign on
Single sign on
guest64ab8e
 
SSO introduction
SSO introductionSSO introduction
SSO introduction
Aidy Tificate
 
SSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsSSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsJohn Bauer
 
Single Sign On Considerations
Single Sign On ConsiderationsSingle Sign On Considerations
Single Sign On Considerations
Venkat Gattamaneni
 
Enterprise single sign on
Enterprise single sign onEnterprise single sign on
Enterprise single sign on
Archit Sharma
 
Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?
Đỗ Duy Trung
 
Single sign on - benefits, challenges and case study : iFour consultancy
Single sign on - benefits, challenges and case study : iFour consultancySingle sign on - benefits, challenges and case study : iFour consultancy
Single sign on - benefits, challenges and case study : iFour consultancy
Devam Shah
 
Single Sign On 101
Single Sign On 101Single Sign On 101
Single Sign On 101
Mike Schwartz
 
Single Sign On - Case Study
Single Sign On - Case StudySingle Sign On - Case Study
Single Sign On - Case StudyEbizon
 
Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?Anil Saldanha
 
SAP Single Sign-On 2.0 Overview
SAP Single Sign-On 2.0 OverviewSAP Single Sign-On 2.0 Overview
SAP Single Sign-On 2.0 Overview
SAP Technology
 
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
Artur Barseghyan
 
Jasig Central Authentication Service in Ten Minutes
Jasig Central Authentication Service in Ten MinutesJasig Central Authentication Service in Ten Minutes
Jasig Central Authentication Service in Ten Minutes
Andrew Petro
 
Single sign on using SAML
Single sign on using SAML Single sign on using SAML
Single sign on using SAML
Programming Talents
 
Presentation sso design_security
Presentation sso design_securityPresentation sso design_security
Presentation sso design_security
Marco Morana
 
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-onFast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Craig Dickson
 
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-On
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-OnFast and Free SSO: A Survey of Open-Source Solutions to Single Sign-On
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-Onelliando dias
 
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
Brian Culver
 
SAML and Liferay
SAML and LiferaySAML and Liferay
SAML and Liferay
Mika Koivisto
 
SSO IN/With Drupal and Identitiy Management
SSO IN/With Drupal and Identitiy ManagementSSO IN/With Drupal and Identitiy Management
SSO IN/With Drupal and Identitiy Management
Manish Harsh
 
CAS Enhancement
CAS EnhancementCAS Enhancement
CAS EnhancementGuo Albert
 
Federation in Practice
Federation in PracticeFederation in Practice
Federation in Practice
ForgeRock
 
Access Security - Privileged Identity Management
Access Security - Privileged Identity ManagementAccess Security - Privileged Identity Management
Access Security - Privileged Identity Management
Eng Teong Cheah
 
OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study
ForgeRock
 
How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?
rlsoft
 
Authentication Models
Authentication ModelsAuthentication Models
Authentication ModelsRaj Chanchal
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions www.ijeijournal.com
 

More Related Content

What's hot

Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?
Đỗ Duy Trung
 
Single sign on - benefits, challenges and case study : iFour consultancy
Single sign on - benefits, challenges and case study : iFour consultancySingle sign on - benefits, challenges and case study : iFour consultancy
Single sign on - benefits, challenges and case study : iFour consultancy
Devam Shah
 
Single Sign On 101
Single Sign On 101Single Sign On 101
Single Sign On 101
Mike Schwartz
 
Single Sign On - Case Study
Single Sign On - Case StudySingle Sign On - Case Study
Single Sign On - Case StudyEbizon
 
Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?Anil Saldanha
 
SAP Single Sign-On 2.0 Overview
SAP Single Sign-On 2.0 OverviewSAP Single Sign-On 2.0 Overview
SAP Single Sign-On 2.0 Overview
SAP Technology
 
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
Artur Barseghyan
 
Jasig Central Authentication Service in Ten Minutes
Jasig Central Authentication Service in Ten MinutesJasig Central Authentication Service in Ten Minutes
Jasig Central Authentication Service in Ten Minutes
Andrew Petro
 
Single sign on using SAML
Single sign on using SAML Single sign on using SAML
Single sign on using SAML
Programming Talents
 
Presentation sso design_security
Presentation sso design_securityPresentation sso design_security
Presentation sso design_security
Marco Morana
 
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-onFast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Craig Dickson
 
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-On
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-OnFast and Free SSO: A Survey of Open-Source Solutions to Single Sign-On
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-Onelliando dias
 
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
Brian Culver
 
SAML and Liferay
SAML and LiferaySAML and Liferay
SAML and Liferay
Mika Koivisto
 
SSO IN/With Drupal and Identitiy Management
SSO IN/With Drupal and Identitiy ManagementSSO IN/With Drupal and Identitiy Management
SSO IN/With Drupal and Identitiy Management
Manish Harsh
 
CAS Enhancement
CAS EnhancementCAS Enhancement
CAS EnhancementGuo Albert
 
Federation in Practice
Federation in PracticeFederation in Practice
Federation in Practice
ForgeRock
 
Access Security - Privileged Identity Management
Access Security - Privileged Identity ManagementAccess Security - Privileged Identity Management
Access Security - Privileged Identity Management
Eng Teong Cheah
 
OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study
ForgeRock
 
How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?
rlsoft
 

What's hot (20)

Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?Single sign on (SSO) How does your company apply?
Single sign on (SSO) How does your company apply?
 
Single sign on - benefits, challenges and case study : iFour consultancy
Single sign on - benefits, challenges and case study : iFour consultancySingle sign on - benefits, challenges and case study : iFour consultancy
Single sign on - benefits, challenges and case study : iFour consultancy
 
Single Sign On 101
Single Sign On 101Single Sign On 101
Single Sign On 101
 
Single Sign On - Case Study
Single Sign On - Case StudySingle Sign On - Case Study
Single Sign On - Case Study
 
Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?Saml vs Oauth : Which one should I use?
Saml vs Oauth : Which one should I use?
 
SAP Single Sign-On 2.0 Overview
SAP Single Sign-On 2.0 OverviewSAP Single Sign-On 2.0 Overview
SAP Single Sign-On 2.0 Overview
 
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
SSO using CAS + two-factor authentication (PyGrunn 2014 talk)
 
Jasig Central Authentication Service in Ten Minutes
Jasig Central Authentication Service in Ten MinutesJasig Central Authentication Service in Ten Minutes
Jasig Central Authentication Service in Ten Minutes
 
Single sign on using SAML
Single sign on using SAML Single sign on using SAML
Single sign on using SAML
 
Presentation sso design_security
Presentation sso design_securityPresentation sso design_security
Presentation sso design_security
 
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-onFast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
 
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-On
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-OnFast and Free SSO: A Survey of Open-Source Solutions to Single Sign-On
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-On
 
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
 
SAML and Liferay
SAML and LiferaySAML and Liferay
SAML and Liferay
 
SSO IN/With Drupal and Identitiy Management
SSO IN/With Drupal and Identitiy ManagementSSO IN/With Drupal and Identitiy Management
SSO IN/With Drupal and Identitiy Management
 
CAS Enhancement
CAS EnhancementCAS Enhancement
CAS Enhancement
 
Federation in Practice
Federation in PracticeFederation in Practice
Federation in Practice
 
Access Security - Privileged Identity Management
Access Security - Privileged Identity ManagementAccess Security - Privileged Identity Management
Access Security - Privileged Identity Management
 
OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study
 
How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?
 

Similar to Web Single sign on system

Authentication Models
Authentication ModelsAuthentication Models
Authentication ModelsRaj Chanchal
 
OWASPSanAntonio_2006_08_SingleSignOn.ppt
OWASPSanAntonio_2006_08_SingleSignOn.pptOWASPSanAntonio_2006_08_SingleSignOn.ppt
OWASPSanAntonio_2006_08_SingleSignOn.pptwebhostingguy
 
Digital Certificates and Secure Web Access
Digital Certificates and Secure Web AccessDigital Certificates and Secure Web Access
Digital Certificates and Secure Web Access
bluntm64
 
sso_on_new system with security is more concern
sso_on_new system with security is more concernsso_on_new system with security is more concern
sso_on_new system with security is more concern
2022mt93375
 
Configuring kerberos based sso in weblogic
Configuring kerberos based sso in weblogicConfiguring kerberos based sso in weblogic
Configuring kerberos based sso in weblogic
Harihara sarma
 
Kerberos-PKI-Federated identity
Kerberos-PKI-Federated identityKerberos-PKI-Federated identity
Kerberos-PKI-Federated identity
WAFAA AL SALMAN
 
Narrative of digital signature technology and moving forward
Narrative of digital signature technology and moving forwardNarrative of digital signature technology and moving forward
Narrative of digital signature technology and moving forward
Conference Papers
 
Best Practices in Cloud Security
Best Practices in Cloud SecurityBest Practices in Cloud Security
Best Practices in Cloud Security
Alert Logic
 
IRJET- Survey on Blockchain based Digital Certificate System
IRJET- Survey on Blockchain based Digital Certificate SystemIRJET- Survey on Blockchain based Digital Certificate System
IRJET- Survey on Blockchain based Digital Certificate System
IRJET Journal
 
A CRYPTOGRAPHIC MUTUAL AUTHENTICATION SCHEME FOR WEB APPLICATIONS
A CRYPTOGRAPHIC MUTUAL AUTHENTICATION SCHEME FOR WEB APPLICATIONSA CRYPTOGRAPHIC MUTUAL AUTHENTICATION SCHEME FOR WEB APPLICATIONS
A CRYPTOGRAPHIC MUTUAL AUTHENTICATION SCHEME FOR WEB APPLICATIONS
IJNSA Journal
 
Kerberos Security in Distributed Systems
Kerberos Security in Distributed SystemsKerberos Security in Distributed Systems
Kerberos Security in Distributed Systems
IRJET Journal
 
Cross cloud single sign on (sso) using tokens
Cross cloud single sign on (sso) using tokensCross cloud single sign on (sso) using tokens
Cross cloud single sign on (sso) using tokens
eSAT Journals
 
Cross cloud single sign on (sso) using tokens
Cross cloud single sign on (sso) using tokensCross cloud single sign on (sso) using tokens
Cross cloud single sign on (sso) using tokens
eSAT Publishing House
 
CCM_WP-9-8-16-v10__MT_GP_Final
CCM_WP-9-8-16-v10__MT_GP_FinalCCM_WP-9-8-16-v10__MT_GP_Final
CCM_WP-9-8-16-v10__MT_GP_FinalGreg Posten
 
A cryptographic mutual authentication scheme for web applications
A cryptographic mutual authentication scheme for web applicationsA cryptographic mutual authentication scheme for web applications
A cryptographic mutual authentication scheme for web applications
IJNSA Journal
 
Novell® iChain® 2.3
Novell® iChain® 2.3Novell® iChain® 2.3
Novell® iChain® 2.3webhostingguy
 
Ch08 Authentication
Ch08 AuthenticationCh08 Authentication
Ch08 Authentication
Information Technology
 
ForgeRock Platform Release - Summer 2016
ForgeRock Platform Release - Summer 2016 ForgeRock Platform Release - Summer 2016
ForgeRock Platform Release - Summer 2016
ForgeRock
 

Similar to Web Single sign on system (20)

Authentication Models
Authentication ModelsAuthentication Models
Authentication Models
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)
 
OWASPSanAntonio_2006_08_SingleSignOn.ppt
OWASPSanAntonio_2006_08_SingleSignOn.pptOWASPSanAntonio_2006_08_SingleSignOn.ppt
OWASPSanAntonio_2006_08_SingleSignOn.ppt
 
Digital Certificates and Secure Web Access
Digital Certificates and Secure Web AccessDigital Certificates and Secure Web Access
Digital Certificates and Secure Web Access
 
Saas security
Saas securitySaas security
Saas security
 
sso_on_new system with security is more concern
sso_on_new system with security is more concernsso_on_new system with security is more concern
sso_on_new system with security is more concern
 
Configuring kerberos based sso in weblogic
Configuring kerberos based sso in weblogicConfiguring kerberos based sso in weblogic
Configuring kerberos based sso in weblogic
 
Kerberos-PKI-Federated identity
Kerberos-PKI-Federated identityKerberos-PKI-Federated identity
Kerberos-PKI-Federated identity
 
Narrative of digital signature technology and moving forward
Narrative of digital signature technology and moving forwardNarrative of digital signature technology and moving forward
Narrative of digital signature technology and moving forward
 
Best Practices in Cloud Security
Best Practices in Cloud SecurityBest Practices in Cloud Security
Best Practices in Cloud Security
 
IRJET- Survey on Blockchain based Digital Certificate System
IRJET- Survey on Blockchain based Digital Certificate SystemIRJET- Survey on Blockchain based Digital Certificate System
IRJET- Survey on Blockchain based Digital Certificate System
 
A CRYPTOGRAPHIC MUTUAL AUTHENTICATION SCHEME FOR WEB APPLICATIONS
A CRYPTOGRAPHIC MUTUAL AUTHENTICATION SCHEME FOR WEB APPLICATIONSA CRYPTOGRAPHIC MUTUAL AUTHENTICATION SCHEME FOR WEB APPLICATIONS
A CRYPTOGRAPHIC MUTUAL AUTHENTICATION SCHEME FOR WEB APPLICATIONS
 
Kerberos Security in Distributed Systems
Kerberos Security in Distributed SystemsKerberos Security in Distributed Systems
Kerberos Security in Distributed Systems
 
Cross cloud single sign on (sso) using tokens
Cross cloud single sign on (sso) using tokensCross cloud single sign on (sso) using tokens
Cross cloud single sign on (sso) using tokens
 
Cross cloud single sign on (sso) using tokens
Cross cloud single sign on (sso) using tokensCross cloud single sign on (sso) using tokens
Cross cloud single sign on (sso) using tokens
 
CCM_WP-9-8-16-v10__MT_GP_Final
CCM_WP-9-8-16-v10__MT_GP_FinalCCM_WP-9-8-16-v10__MT_GP_Final
CCM_WP-9-8-16-v10__MT_GP_Final
 
A cryptographic mutual authentication scheme for web applications
A cryptographic mutual authentication scheme for web applicationsA cryptographic mutual authentication scheme for web applications
A cryptographic mutual authentication scheme for web applications
 
Novell® iChain® 2.3
Novell® iChain® 2.3Novell® iChain® 2.3
Novell® iChain® 2.3
 
Ch08 Authentication
Ch08 AuthenticationCh08 Authentication
Ch08 Authentication
 
ForgeRock Platform Release - Summer 2016
ForgeRock Platform Release - Summer 2016 ForgeRock Platform Release - Summer 2016
ForgeRock Platform Release - Summer 2016
 

Recently uploaded

ethical hacking in wireless-hacking1.ppt
ethical hacking in wireless-hacking1.pptethical hacking in wireless-hacking1.ppt
ethical hacking in wireless-hacking1.ppt
Jayaprasanna4
 
WATER CRISIS and its solutions-pptx 1234
WATER CRISIS and its solutions-pptx 1234WATER CRISIS and its solutions-pptx 1234
WATER CRISIS and its solutions-pptx 1234
AafreenAbuthahir2
 
power quality voltage fluctuation UNIT - I.pptx
power quality voltage fluctuation UNIT - I.pptxpower quality voltage fluctuation UNIT - I.pptx
power quality voltage fluctuation UNIT - I.pptx
ViniHema
 
在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
obonagu
 
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...
Amil Baba Dawood bangali
 
Student information management system project report ii.pdf
Student information management system project report ii.pdfStudent information management system project report ii.pdf
Student information management system project report ii.pdf
Kamal Acharya
 
English lab ppt no titlespecENG PPTt.pdf
English lab ppt no titlespecENG PPTt.pdfEnglish lab ppt no titlespecENG PPTt.pdf
English lab ppt no titlespecENG PPTt.pdf
BrazilAccount1
 
The Benefits and Techniques of Trenchless Pipe Repair.pdf
The Benefits and Techniques of Trenchless Pipe Repair.pdfThe Benefits and Techniques of Trenchless Pipe Repair.pdf
The Benefits and Techniques of Trenchless Pipe Repair.pdf
Pipe Restoration Solutions
 
Water Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdfWater Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation & Control
 
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&BDesign and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Sreedhar Chowdam
 
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
MdTanvirMahtab2
 
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
bakpo1
 
space technology lecture notes on satellite
space technology lecture notes on satellitespace technology lecture notes on satellite
space technology lecture notes on satellite
ongomchris
 
Railway Signalling Principles Edition 3.pdf
Railway Signalling Principles Edition 3.pdfRailway Signalling Principles Edition 3.pdf
Railway Signalling Principles Edition 3.pdf
TeeVichai
 
DESIGN A COTTON SEED SEPARATION MACHINE.docx
DESIGN A COTTON SEED SEPARATION MACHINE.docxDESIGN A COTTON SEED SEPARATION MACHINE.docx
DESIGN A COTTON SEED SEPARATION MACHINE.docx
FluxPrime1
 
Final project report on grocery store management system..pdf
Final project report on grocery store management system..pdfFinal project report on grocery store management system..pdf
Final project report on grocery store management system..pdf
Kamal Acharya
 
HYDROPOWER - Hydroelectric power generation
HYDROPOWER - Hydroelectric power generationHYDROPOWER - Hydroelectric power generation
HYDROPOWER - Hydroelectric power generation
Robbie Edward Sayers
 
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
AJAYKUMARPUND1
 
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdfTop 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Teleport Manpower Consultant
 
一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理
一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理
一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理
ydteq
 

Recently uploaded (20)

ethical hacking in wireless-hacking1.ppt
ethical hacking in wireless-hacking1.pptethical hacking in wireless-hacking1.ppt
ethical hacking in wireless-hacking1.ppt
 
WATER CRISIS and its solutions-pptx 1234
WATER CRISIS and its solutions-pptx 1234WATER CRISIS and its solutions-pptx 1234
WATER CRISIS and its solutions-pptx 1234
 
power quality voltage fluctuation UNIT - I.pptx
power quality voltage fluctuation UNIT - I.pptxpower quality voltage fluctuation UNIT - I.pptx
power quality voltage fluctuation UNIT - I.pptx
 
在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
 
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...
 
Student information management system project report ii.pdf
Student information management system project report ii.pdfStudent information management system project report ii.pdf
Student information management system project report ii.pdf
 
English lab ppt no titlespecENG PPTt.pdf
English lab ppt no titlespecENG PPTt.pdfEnglish lab ppt no titlespecENG PPTt.pdf
English lab ppt no titlespecENG PPTt.pdf
 
The Benefits and Techniques of Trenchless Pipe Repair.pdf
The Benefits and Techniques of Trenchless Pipe Repair.pdfThe Benefits and Techniques of Trenchless Pipe Repair.pdf
The Benefits and Techniques of Trenchless Pipe Repair.pdf
 
Water Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdfWater Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdf
 
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&BDesign and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
 
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
 
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
 
space technology lecture notes on satellite
space technology lecture notes on satellitespace technology lecture notes on satellite
space technology lecture notes on satellite
 
Railway Signalling Principles Edition 3.pdf
Railway Signalling Principles Edition 3.pdfRailway Signalling Principles Edition 3.pdf
Railway Signalling Principles Edition 3.pdf
 
DESIGN A COTTON SEED SEPARATION MACHINE.docx
DESIGN A COTTON SEED SEPARATION MACHINE.docxDESIGN A COTTON SEED SEPARATION MACHINE.docx
DESIGN A COTTON SEED SEPARATION MACHINE.docx
 
Final project report on grocery store management system..pdf
Final project report on grocery store management system..pdfFinal project report on grocery store management system..pdf
Final project report on grocery store management system..pdf
 
HYDROPOWER - Hydroelectric power generation
HYDROPOWER - Hydroelectric power generationHYDROPOWER - Hydroelectric power generation
HYDROPOWER - Hydroelectric power generation
 
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
 
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdfTop 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
 
一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理
一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理
一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理
 

Web Single sign on system

  • 1. Prepared by, Jyoti Belsare Guided by, Mr. Aditya Sinha WEB SINGLE SIGN ON SYSTEM
  • 2. Outline  Introduction of SSO  Need of SSO  Simple SSO process  Types of SSO  Architecture of web SSO system  Kerberos-Based Authentication  How it works?  Conclusion  References
  • 3. Introduction of SSO  Single sign-on is a user/session authentication process that permits a user to enter one name and password in order to access multiple applications.  The process authenticates the user for all the applications they have been given rights to and eliminates further prompts when they switch applications during a particular session.
  • 4. Need of SSO  Removes the need for a user to constantly remember the password for each security domain  Increases productivity while reducing cost and frustration  Eliminates the need for a user identity to exist in each web application
  • 6. Types of SSO There are main three types:  Web Single Sign On  Legacy Single Sign On  Federated Single Sign On
  • 7. Architecture of web SSO system  Single Sign-On With Multiple Sets of Credentials  Secure Client-side Credential Caching  Secure Server-side Credential Caching  Single Sign-On With Single Set of Credentials  PKI-based Single Sign-On  Token-based Single Sign-On
  • 8. Kerberos-Based Authentication  Kerberos is a network authentication protocol, designed to provide strong authentication for client/server applications, using secret key cryptography mechanism.  It can also encrypt all of the communications to ensure the user privacy and the data integrity as a security feature.
  • 9. How it works..  Kerberos V5 is a token-based authentication scheme through a trusted third party.  The end user and the service trust a common authentication server which is called the Kerberos Key Distribution Centre (KDC).  The KDC shares the secret keys with both of the user and service.  These secret keys from each principal are encrypted in a local database of the KDC, used to prove the principals’ identities and to establish the encrypted sessions between the KDC and the principals.
  • 10. Continue.. key exchange scenario of Kerberos
  • 11. Logout  A user only need to click the sign out logo, then, all the cookies from participating sites during browser session will be deleted.  These cookies also will expire after a certain period of time.
  • 12. Technology Requirement  The HTTP communication between the client and server  The implementation of safe redirection  The use of secure sockets layer and secure cookie.
  • 13. Benefits Of SSO  No need to manage large numbers of passwords.  Reduced exposure to the risks of data loss. Users already trust the identity provider.  A simpler sign-up and login process.
  • 14. Drawbacks of SSO  Single point of failure  Single high-value target  Lack of control over your user list  Complexity  Private information disclosure between trusting site and SSO authority
  • 15. Conclusion  Implementing web SSO system with a comprehensive security solution is a complex problem. Since there is no universal single sign-on standard exists, the method used to implement SSO varies with the requirements.
  • 16. Future Development  To meet different levels of requirements, this solution could be upgraded and extended to incorporate support for various authentication mechanisms and interface modes.
  • 17. References  [1] M. E. Kabay, “Identification, Authentication and Authorization on the World Wide Web”, Oct 16, 2002 http://www.secinf.net/websecurity/WWW_Security/Identification_Authen tication_and_Authorization_on_the_World_Wide_Web.html  [2] The Open Group, “Introduction to Single Sign-On”, 20 May, 1998 http://www.opengroup.org/security/sso/sso_intro.htm  [3] Laura Taylor, “Understanding Single Sign-On”, 28 May, 2002 http://www.intranetjournal.com/articles/200205/se_05_28_0 2a.html  [4] Sun, “Sun Java System Access Manager Technical Overview – Federation Management”, 2005 http://docs.sun.com/source/817-7643/5_federation.html