Security


Single Sign-On

Single sign-on (SSO) is a feature of an information system that lets a user log in once and gain access to multiple software systems without being prompted to log in again.

Fig: Single sign-on

SSO Components:

  • Login Server
      • Authenticates the user by means of user name and password.
      • Passes the client's identity to the various applications.
      • Marks the client being authenticated with an encrypted login cookie.

  • SSO API: It enables
      • Applications to communicate with the Login Server and to accept a user's identity as validated by the Login Server.
      • Administrators to manage the application's association to the Login Server.

SSO Application Types:

  • Partner Applications
      • Integrated with the Login Server. They contain a Single Sign-On API that enables them to accept a user's identity as validated by the Login Server.

  • External Applications
      • External applications are web-based applications that retain their own authentication logic. They do not delegate authentication to the Login Server and, as such, require a user name and password to provide access. Currently, these applications are limited to those that employ an HTML form for accepting the user name and password. The user name may be different from the SSO user name, and the Login Server provides the necessary mapping.

SSO Authentication Methods

  • Local user authentication
      • Uses a lookup table within the Login Server schema. This table contains user name, password, Login Server privilege level, and other auditing fields for the user. The incoming password is one-way hashed and compared to the entry in the table.

  • External repository authentication
      • Typically relies on an LDAP-compliant directory. In this case, the Login Server binds to the LDAP-compliant directory, then looks up the user credentials stored there. External Authentication includes LDAP and Database Authentication and any others that may be custom-developed.
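
The local user authentication check described above, sketched as an added example (not code from this page or from any Login Server product). The hash algorithm (salted PBKDF2-HMAC-SHA256), the field names, the privilege values and the sample users are assumptions, since the page names none of them.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 200_000  # assumed PBKDF2 work factor; the page names no algorithm

def one_way_hash(password: str, salt: bytes) -> bytes:
    """One-way hash of the incoming password (salted PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_row(user: str, password: str, privilege: str) -> dict:
    """Build one lookup-table row: name, hash, privilege level, audit fields."""
    salt = os.urandom(16)
    return {"user": user, "salt": salt, "pw_hash": one_way_hash(password, salt),
            "privilege": privilege, "last_login": None, "failed_attempts": 0}

# Constructed sample table; a real Login Server keeps this in its schema.
TABLE = {r["user"]: r for r in (
    make_row("alice", "correct horse battery", "FULL"),
    make_row("bob", "s3cond-sample-pw", "NONE"),
)}

# Dummy row so unknown user names cost the same hashing work as known ones,
# which keeps response time from revealing which accounts exist.
_DUMMY = make_row("", "dummy", "NONE")

def authenticate(user: str, password: str):
    """Return the user's privilege level on success, None on failure."""
    row = TABLE.get(user)
    ref = row or _DUMMY
    candidate = one_way_hash(password, ref["salt"])
    # Constant-time comparison of the two hashes; never compare plaintext.
    ok = hmac.compare_digest(candidate, ref["pw_hash"]) and row is not None
    if row is not None:  # update the auditing fields on success and failure
        if ok:
            row["last_login"], row["failed_attempts"] = time.time(), 0
        else:
            row["failed_attempts"] += 1
    return row["privilege"] if ok else None
```

The failed-attempt counter is the kind of auditing field a lockout or alerting rule would read; the table never stores the password itself, only its salted hash.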

How SSO Works

  • Authenticating to the Login Server
  • Accessing a Partner Application
  • Accessing an External Application