Embed Size (px)
Citation preview
Single Sign On
DEEPTHI T.
DINESH J.
KARTHIK R.
KARTHIKEYAN L.
NAVEEN M.
RAGHU PRIYA A.
Introduction
• Single sign-on is a user/session authentication process that permits a user to enter one name and password in order to access multiple applications.
• Authenticates the user for all the applications they have been given rights to and eliminates further prompts
In Client/Server relationship
• “In any client/server relationship, single sign-on is a session/user authentication process that permits a user to enter one name and password in order to access multiple applications.”
In E-commerce
• “In e-commerce, the single sign-on is designed to centralize consumer financial information on one server- not only for the consumer's convenience, but also to offer increased security by limiting the number of times the consumer enters credit card numbers or other sensitive information used in billing.”
By capacity:
Holy Grail
Enterprise
Synchronization
Web SSO
Cross Domain
Federated SSO
By capacity:
Holy Grail
Enterprise
Synchronization
Web SSO
Cross Domain
Federated SSO
One identity eg. windows logon
By capacity:
Holy Grail
Enterprise
Synchronization
Web SSO
Cross Domain
Federated SSO
a.k.a "Login automation" , After primary authentication, it intercepts further login
prompts and fills them for you
By capacity:
Holy Grail
Enterprise
Synchronization
Web SSO
Cross Domain
Federated SSO
Most common. a.k.a "same sign on"
By capacity:
Holy Grail
Enterprise
Synchronization
Web SSO
Cross Domain
Federated SSO
Allows users to use a s ingle username and password to access different
applications
By capacity:
Holy Grail
Enterprise
Synchronization
Web SSO
Cross Domain
Federated SSO
Linking a person's electronic identity and attributes, stored across multiple
distinct identity management systems
By capacity:
Holy Grail
Enterprise
Synchronization
Web SSO
Cross Domain
Federated SSO
Multiple realms; user authenticated in one realm gets signed-on to an application
using another realm
By Platform:
By Platform
Unix, Linux & Mac
Java Applications
Web Applications
DB2Other
Databases
By Platform:
Eliminate identities, passwords and logons across the entire range of Unix, Linux and Mac systems for “true” AD-based, single sign-on
secured by Kerberos.
Unix, Linux & Mac
Java Applications
Web Applications
DB2Other
Databases
By Platform:
Eliminate identities, passwords and logons across custom Java
applications for “true” AD-based single sign-on secured by Kerberos.
Unix, Linux & Mac
Java Applications
Web Applications
DB2Other
Databases
By Platform:
Secure reverse-proxy architecture that protects important resources to ensure only appropriate remote
access using AD-based SSO.
Unix, Linux & Mac
Java Applications
Web Applications
DB2Other
Databases
By Platform:
Quest provides Active Directory-based SSO for DB2, eliminating the need to
create, manage and maintain separate identities, passwords and authentication
mechanisms for both DB2
Unix, Linux & Mac
Java Applications
Web Applications
DB2Other
Databases
By Platform:
Quest provides Active Directory-based enterprise SSO (login
automation) for any database that requires a password for
authentication.
Unix, Linux & Mac
Java Applications
Web Applications
DB2Other
Databases
By Product• improve operational efficiency with centralized authentication and single sign-on, as well as unify identities and consolidate directories for simplified identity and access management.
Authentication Services
• enables the end user to reset forgotten passwords securely, allowing administrators to implement stronger password policies while reducing the help desk workload
Password Manager
• provides secure access to critical web resources while protecting systems from direct exposure. Webthority
• provides secure access to critical web resources while protecting systems from direct exposure. Defender
• Defender enhances security by enabling two-factor authentication to network, Web and applications-based resources.
Single Sign-on for JavaEnterprise
• It improves efficiency, enhances security and delivers compliance by using Active Directory for Java applications on any Web server or technology platform.
Single Sign-onSingle Sign-on for NetWeaver
By Product• improve operational efficiency with centralized authentication and single sign-on, as well as unify identities and consolidate directories for simplified identity and access management.
Authentication Services
• enables the end user to reset forgotten passwords securely, allowing administrators to implement stronger password policies while reducing the help desk workload
Password Manager
• provides secure access to critical web resources while protecting systems from direct exposure. Webthority
• provides secure access to critical web resources while protecting systems from direct exposure. Defender
• Defender enhances security by enabling two-factor authentication to network, Web and applications-based resources.
Single Sign-on for JavaEnterprise
• It improves efficiency, enhances security and delivers compliance by using Active Directory for Java applications on any Web server or technology platform.
Single Sign-onSingle Sign-on for NetWeaver
By Product• improve operational efficiency with centralized authentication and single sign-on, as well as unify identities and consolidate directories for simplified identity and access management.
Authentication Services
• enables the end user to reset forgotten passwords securely, allowing administrators to implement stronger password policies while reducing the help desk workload
Password Manager
• provides secure access to critical web resources while protecting systems from direct exposure. Webthority
• provides secure access to critical web resources while protecting systems from direct exposure. Defender
• Defender enhances security by enabling two-factor authentication to network, Web and applications-based resources.
Single Sign-on for JavaEnterprise
• It improves efficiency, enhances security and delivers compliance by using Active Directory for Java applications on any Web server or technology platform.
Single Sign-onSingle Sign-on for NetWeaver
By Product• improve operational efficiency with centralized authentication and single sign-on, as well as unify identities and consolidate directories for simplified identity and access management.
Authentication Services
• enables the end user to reset forgotten passwords securely, allowing administrators to implement stronger password policies while reducing the help desk workload
Password Manager
• provides secure access to critical web resources while protecting systems from direct exposure. Webthority
• provides secure access to critical web resources while protecting systems from direct exposure. Defender
• Defender enhances security by enabling two-factor authentication to network, Web and applications-based resources.
Single Sign-on for JavaEnterprise
• It improves efficiency, enhances security and delivers compliance by using Active Directory for Java applications on any Web server or technology platform.
Single Sign-onSingle Sign-on for NetWeaver
By Product• improve operational efficiency with centralized authentication and single sign-on, as well as unify identities and consolidate directories for simplified identity and access management.
Authentication Services
• enables the end user to reset forgotten passwords securely, allowing administrators to implement stronger password policies while reducing the help desk workload
Password Manager
• provides secure access to critical web resources while protecting systems from direct exposure. Webthority
• provides secure access to critical web resources while protecting systems from direct exposure. Defender
• Defender enhances security by enabling two-factor authentication to network, Web and applications-based resources.
Single Sign-on for JavaEnterprise
• It improves efficiency, enhances security and delivers compliance by using Active Directory for Java applications on any Web server or technology platform.
Single Sign-onSingle Sign-on for NetWeaver
By Product• improve operational efficiency with centralized authentication and single sign-on, as well as unify identities and consolidate directories for simplified identity and access management.
Authentication Services
• enables the end user to reset forgotten passwords securely, allowing administrators to implement stronger password policies while reducing the help desk workload
Password Manager
• provides secure access to critical web resources while protecting systems from direct exposure. Webthority
• provides secure access to critical web resources while protecting systems from direct exposure. Defender
• Defender enhances security by enabling two-factor authentication to network, Web and applications-based resources.
Single Sign-on for JavaEnterprise
• It improves efficiency, enhances security and delivers compliance by using Active Directory for Java applications on any Web server or technology platform.
Single Sign-onSingle Sign-on for NetWeaver
By Product• improve operational efficiency with centralized authentication and single sign-on, as well as unify identities and consolidate directories for simplified identity and access management.
Authentication Services
• enables the end user to reset forgotten passwords securely, allowing administrators to implement stronger password policies while reducing the help desk workload
Password Manager
• provides secure access to critical web resources while protecting systems from direct exposure. Webthority
• provides secure access to critical web resources while protecting systems from direct exposure. Defender
• Defender enhances security by enabling two-factor authentication to network, Web and applications-based resources.
Single Sign-on for JavaEnterprise
• It improves efficiency, enhances security and delivers compliance by using Active Directory for Java applications on any Web server or technology platform.
Single Sign-onSingle Sign-on for NetWeaver
Legacy Approach to User Sign-on to Multiple Systems
How does it work?
Single User Sign-On To Multiple Services
Advantages
• Reduced operational cost• Reduced time to access data, e.g. ER• Improved user experience, no password lists to
carry• Advanced security to systems
– Strong authentication • One Time Password devices
• Smartcards
• Ease burden on developers • Centralized management of users, roles• Fine grained auditing• Effective compliance (SOX, HIPPA)
Password synchronization
• The password synchronization is the process of changing each password for different applications to the same value, so that the user always enters the same password. Once you install password synchronization software, users will enter the same password when they login to any of the synchronized systems, such as to their network, finance system, e-mail, calendar or the mainframe.
Password synchronization VSSingle sign-on
Password Synchronization
Single Sign-on
Process Simply changes all applications to the same password. User continues to login to each of those applications separately, but uses same password.
Use single username and password to sign in to one site, the client authentication of other site done by specific server
Login times Several times depends on the application required
Once for every domain
Password synchronization VS Single sing-on (con)
Manage credential data
Manage passwords only,
Use specific protocol to manage the client authentication and the secrete information
Weak password Can only match the policy of the weakest system
Only one password, can make very secure
Security Once one application is compromised, all the other applications can be accessed, the sensitive data will be obtained.
Can encrypt to the sensitive data and send it by the SSL save channel
Pros and cons
