SSO (Single Sign on) Notes – Part 1

Credits: www.pixabay.com

With so many products, technologies, protocols and options – SSO (Single Sign on) discussions can sometimes confuse many. Here is my effort to clarify SSO by explaining the layers in it.

  • Types of SSO – System / operating system based or browser based. There are further refined details here but for part 1 of the blog, only covering the basic two types
  • Identity provider – This is the layer which provides the identity and other details of the user. Think of this as a protocol method / function call to assets behind the scenes. Both this layer and service provider act as methods / functions / flow points / events in the full flow of SSO. This layer will go and in the backend most of the times interact with user stores to get details about users
  • Service provider – This is the layer that provides / presents the user with the business application like Liferay and so on by providing features like redirects, discovery of identity provider and so on. Note: applications like Liferay can act both as identity provider & service provider with SAML
  • SSO technology products – PicketLink, ADFS (Active Directory Federation Services), Okta, Auth0, Ping Identity, SiteMinder, Shibboleth and so on
  • Protocols: NTLM (Deprecated), SAML, Kerberos, OpenID and so on
  • Customizations, configurations in applications like web.xml, XMLs, login screens, redirects, tokens, claims and so on along with their application servers

Thinking in terms of layers & flows between these concepts helps us to understand and work in a better way with SSO solutions.

https://commons.wikimedia.org/wiki/File:Saml2-browser-sso-redirect-post.png

References:

  • https://en.wikipedia.org/wiki/Single_sign-on

Email me: Neil@HarwaniSystems.in

By Neil Harwani

Interested in movies, music, history, computer science, software, engineering and technology

Leave a comment