SINGLE SIGN ON PAGE (SSO)

Kavita Singh

MBA II Sem

IIIT Allahabad

 

 

What is Single Sign On? Consider an example: “Most people have online accounts with a service provider (like Airtel, Vodafone, Reliance and so on) for mobile services. To log into these accounts we need a username and password, and once logged in we can carry out multiple activities such as paying our bills, requesting a plan change, setting a caller tune and much more.”

From the above example it is clear that Single Sign On (SSO) is an authentication process through which a user with a username and a password can log into the server and access all the applications on the server without providing authentication again and again.

 

Consider a few other examples:

 

 

These examples emphasize the need for security in the authentication provided on the Single Sign On page. Various security challenges faced in SSO are:

 

 

Security Assertion Markup Language (SAML) provides an XML standard for securing authentication on the Single Sign On page and across various web domains. It helps in the secure exchange of information between various business partners, suppliers and customers. SAML has been standardised by the Organization for the Advancement of Structured Information Standards (OASIS).

Assertions form the basic SAML object, where an assertion refers to authentication statements that are generated by the organisation's trusted authorities using a request-response protocol. The SAML specifications define not only the structure of assertions but also an associated set of protocols, with processing rules for managing a SAML system. For transport, these are embedded in other systems' structures such as HTTP POST.

 

SAML defines a data format for authentication assertions, including the authentication description and authentication attributes like username and password. The defined format and protocols distribute SAML data among the required parties. Thus the protocol supports ‘pushing’ data assertions from the user to a receiver and also ‘pulling’ data assertions from the authenticating authority to a receiver.

I am going to discuss the SAML-based SSO approach for Google. The diagram below shows the SAML-based SSO approach when a user logs into a Google application like Gmail.

 

Google, the service provider, partners with an Identity Provider to authenticate the user trying to access its webpage. The steps are:

1. The user tries to access Gmail using the URL www.gmail.com.
2. A SAML authentication request is generated. This request is embedded in the partner's SSO service URL (which the partner provides to Google). The SSO URL also carries the Google URL that the user is trying to access, defined as the RelayState parameter.
3. Google sends the redirect request to the user.
4. The partner decodes the SAML request, extracts the URLs and then authenticates the user either by login credentials.
5. The partner generates a SAML response containing the user's username.
6. The partner encodes the SAML response and the RelayState parameter and returns this information to the user's browser.
7. Google's ACS (Assertion Consumer Service) verifies the response and, if the response is successfully verified, the user is directed to the destination URL.
8. The user is able to access the Gmail application.
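The redirect part of this flow can be shown in code. The following Python sketch is an added example, not part of the original article and not Google's implementation: it builds the redirect URL carrying the SAML request and RelayState, decodes it on the partner side, and checks the RelayState destination before the final redirect. The hostnames, the ACS URL, the allowlist and the function names are assumptions made for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlparse, parse_qs

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample values (assumptions, not taken from the article).
IDP_SSO_URL = "https://idp.partner.example/sso"
SP_ACS_URL = "https://sp.example/acs"
ALLOWED_RELAY_HOSTS = {"mail.sp.example"}


def build_redirect(relay_state: str) -> str:
    """Service provider side: embed the AuthnRequest in the partner's SSO URL."""
    authn_request = (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="_constructed1" '
        f'Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
        f'AssertionConsumerServiceURL="{SP_ACS_URL}"/>'
    )
    # HTTP-Redirect binding: raw DEFLATE (no zlib header), then base64.
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(authn_request.encode()) + comp.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode(),
              "RelayState": relay_state}
    return IDP_SSO_URL + "?" + urlencode(params)


def decode_redirect(url: str) -> tuple[str, str]:
    """Partner (IdP) side: recover the ACS URL and RelayState from the redirect."""
    query = parse_qs(urlparse(url).query)
    xml = zlib.decompress(base64.b64decode(query["SAMLRequest"][0]), wbits=-15)
    # Stdlib parser used for brevity; prefer a hardened parser (e.g. defusedxml).
    root = ET.fromstring(xml)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a SAML AuthnRequest")
    acs = root.attrib["AssertionConsumerServiceURL"]
    if acs != SP_ACS_URL:  # only answer to the ACS registered for this partner
        raise ValueError("unregistered ACS URL")
    return acs, query["RelayState"][0]


def relay_state_ok(relay_state: str) -> bool:
    """SP side, after the response verifies: only redirect to known hosts."""
    parsed = urlparse(relay_state)
    return parsed.scheme == "https" and parsed.hostname in ALLOWED_RELAY_HOSTS
```

The RelayState value travels through the user's browser, so the service provider treats it as untrusted input and checks it again before redirecting.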

 

 

Benefits of SAML