With so many products, technologies, protocols and options, discussions of SSO (Single Sign-On) can be confusing. Here is my effort to clarify SSO by explaining the layers within it.
- Types of SSO – system / operating-system based or browser based. There are further refinements within each, but part 1 of this blog covers only these two basic types
- Identity provider – the layer that provides the identity and other details of the user. Think of it as a protocol method / function call to assets behind the scenes. Both this layer and the service provider act as methods / functions / flow points / events in the full SSO flow. Behind the scenes, this layer most of the time interacts with user stores to retrieve details about users
- Service provider – the layer that provides / presents the business application (Liferay and so on) to the user, supplying features like redirects, discovery of the identity provider and so on. Note: applications like Liferay can act as both identity provider and service provider with SAML
- SSO technology products – PicketLink, ADFS (Active Directory Federation Services), Okta, Auth0, Ping Identity, SiteMinder, Shibboleth and so on
- Protocols – NTLM (deprecated), SAML, Kerberos, OpenID and so on
- Customizations and configurations in the applications (web.xml, other XML files, login screens, redirects, tokens, claims and so on) and in their application servers
Thinking in terms of layers and the flows between these concepts helps us understand SSO solutions and work with them more effectively.
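As an added illustration (not code from the original post), here is a minimal Python simulation of the browser-based SAML flow between the layers above: the service provider issues a request and a redirect, the identity provider consults its user store and returns a signed assertion carrying claims, and the service provider checks signature, issuer, audience, InResponseTo and expiry before trusting it. The URLs, signing key and user store are constructed sample values, and an HMAC stands in for SAML's XML signature.

```python
import hmac, hashlib, json, secrets, time
from urllib.parse import urlencode

# Constructed sample values: hypothetical IdP/SP identifiers, key and user store.
IDP_URL = "https://idp.example.test/sso"
SP_ENTITY_ID = "https://app.example.test/sp"
IDP_KEY = b"shared-signing-key-demo"      # HMAC stands in for the IdP's XML signature
USER_STORE = {"alice": {"email": "alice@example.test", "groups": ["staff"]}}
PENDING_REQUESTS = {}                     # SP-side state: request id -> RelayState

def sp_start_login(relay_state="/dashboard"):
    """Service provider: create an AuthnRequest id and the redirect to the IdP."""
    request_id = "_" + secrets.token_hex(8)
    PENDING_REQUESTS[request_id] = relay_state
    query = urlencode({"SAMLRequest": request_id, "RelayState": relay_state})
    return request_id, f"{IDP_URL}?{query}"

def sign(payload):
    """Sign a canonical JSON form of the assertion (simplification of XML-DSig)."""
    canonical = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(IDP_KEY, canonical, hashlib.sha256).hexdigest()

def idp_issue_assertion(username, request_id, now=None, lifetime=300):
    """Identity provider: look the user up in the user store and issue a signed assertion."""
    now = now or int(time.time())
    user = USER_STORE[username]                 # KeyError for unknown users
    assertion = {"issuer": IDP_URL, "subject": username, "audience": SP_ENTITY_ID,
                 "in_response_to": request_id, "not_on_or_after": now + lifetime,
                 "claims": dict(user)}
    return assertion, sign(assertion)

def sp_consume_assertion(assertion, signature, now=None):
    """Service provider: verify the assertion before creating an application session."""
    now = now or int(time.time())
    if not hmac.compare_digest(sign(assertion), signature):
        raise ValueError("bad signature")
    if assertion["issuer"] != IDP_URL:
        raise ValueError("untrusted issuer")
    if assertion["audience"] != SP_ENTITY_ID:
        raise ValueError("assertion not intended for this SP")
    if assertion["in_response_to"] not in PENDING_REQUESTS:
        raise ValueError("unsolicited or replayed response")
    if now >= assertion["not_on_or_after"]:
        raise ValueError("assertion expired")
    relay_state = PENDING_REQUESTS.pop(assertion["in_response_to"])  # one-time use
    return assertion["subject"], assertion["claims"], relay_state
```

Each check in `sp_consume_assertion` corresponds to a configuration item an SP exposes (trusted issuer, audience / entity ID, clock skew), which is where many real SSO misconfigurations show up.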
Email me: Neil@HarwaniSystems.in