Presentation is loading. Please wait.

Presentation is loading. Please wait.

Single Sign-On https://store.theartofservice.com/the-single-sign-on-toolkit.html.

Published byBranden York Modified over 8 years ago

Similar presentations

Presentation on theme: "Single Sign-On https://store.theartofservice.com/the-single-sign-on-toolkit.html."— Presentation transcript:

1 Single Sign-On https://store.theartofservice.com/the-single-sign-on-toolkit.html

2 Single sign-on 1 Single sign-on (SSO) is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them. Conversely, single sign-off is the property whereby a single action of signing out terminates access to multiple software systems. https://store.theartofservice.com/the-single-sign-on-toolkit.html

3 Single sign-on 1 As different applications and resources support different authentication mechanisms, single sign-on has to internally translate to and store different credentials compared to what is used for initial authentication. https://store.theartofservice.com/the-single-sign-on-toolkit.html

4 Single sign-on - Criticisms 1 The term enterprise reduced sign-on is preferred by some authors who believe single sign-on to be impossible in real use cases. https://store.theartofservice.com/the-single-sign-on-toolkit.html

5 Single sign-on - Criticisms 1 As single sign-on provides access to many resources once the user is initially authenticated ("keys to the castle") it increases the negative impact in case the credentials are available to other persons and misused. Therefore, single sign-on requires an increased focus on the protection of the user credentials, and should ideally be combined with strong authentication methods like smart cards and one-time password tokens. https://store.theartofservice.com/the-single-sign-on-toolkit.html

6 Single sign-on - Criticisms 1 Single sign-on also makes the authentication systems highly critical; a loss of their availability can result in denial of access to all systems unified under the SSO. SSO can thus be undesirable for systems to which access must be guaranteed at all times, such as security or plant-floor systems. https://store.theartofservice.com/the-single-sign-on-toolkit.html

7 Single sign-on - Smart card based 1 Initial sign-on prompts the user for the smart card. Additional software applications also use the smart card, without prompting the user to re-enter credentials. Smart card-based single sign- on can either use certificates or passwords stored on the smart card. https://store.theartofservice.com/the-single-sign-on-toolkit.html

8 Single sign-on - Security Assertion Markup Language 1 The user is called the subject in the SAML-based single sign-on https://store.theartofservice.com/the-single-sign-on-toolkit.html

9 Single sign-on - Shared authentication schemes which are not single sign-on 1 Single sign-on requires that users literally sign in once to establish their credentials. Systems which require the user to log in multiple times to the same identity are inherently not single sign-on. For example, an environment where users are prompted to log into their desktop, then log into their email using the same credentials, is not single sign-on. https://store.theartofservice.com/the-single-sign-on-toolkit.html

10 Security token - Single sign-on software tokens 1 Some types of Single sign-on (SSO) solutions, like enterprise single sign-on, use the token to store software that allows for seamless authentication and password filling. As the passwords are stored on the token, users need not remember their passwords and therefore can select more secure passwords, or have more secure passwords assigned. https://store.theartofservice.com/the-single-sign-on-toolkit.html

11 SAPgui - Single sign-on 1 SAPGUI on Microsoft Windows or Internet Explorer can also be used for single sign-on. There are several portal-based authentication applications for single sign-on. SAPGUI can have single sign-on with SAP Logon Ticket as well. Single sign-on also works in the Java GUI.[ http://honk.sigxcpu.org/con/Enabling_Kerbero s_in_the_SAP_GUI_for_Java.html Single Sign-on for SAP Java GUI] https://store.theartofservice.com/the-single-sign-on-toolkit.html

12 SAP NetWeaver Process Integration - Single Sign-On 1 SAP NetWeaver PI allows for Single Sign-On through SAP Logon Tickets[ http://help.sap.com/saphelp_nwpi71/helpdata /en/32/1c1041a0f6f16fe10000000a1550b0/fr ameset.htm Single Sign-On Configuration - Procedure for PI Web Components] and x.509 certificates. Certificates allow for the usage of Secure Network Communications (SNC) and Secure Socket Layer (SSL). https://store.theartofservice.com/the-single-sign-on-toolkit.html

13 SAP Logon Ticket - Single Sign-On 1 SAP Logon Tickets can be used for single sign-on through the SAP Enterprise Portal. SAP provides a Web Server Filter that can be used for an authentication via http header variable and a Dynamic Link Library for verifying SSO Tickets in 3rd party software which can be used to provide native support for SAP Logon Tickets in applications written in C or Java. https://store.theartofservice.com/the-single-sign-on-toolkit.html

14 SAP Logon Ticket - Single Sign-On to Microsoft Web Applications 1 This new ISAPI Filter requests a constrained Kerberos ticket for users identified by valid SAP Logon Ticket that can be used for SSO to Microsoft web based applications in the back end.[ http://www.sdn.sap.com/irj/scn/go/portal/pr troot/docs/library/uuid/47d0cd90-0201- 0010-4c86- f81b1c812e50?QuickLink=indexoverridela yout=true Using SAP Logon Tickets for Single Sign-On] https://store.theartofservice.com/the-single-sign-on-toolkit.html

15 SAP XI - Single Sign-On 1 SAP NetWeaver PI allows for Single Sign- On through SAP Logon Tickets[ http://help.sap.com/saphelp_nwpi71/helpd ata/en/32/1c1041a0f6f16fe10000000a155 0b0/frameset.htm Single Sign-On Configuration - Procedure for PI Web Components] and x.509 certificates. Certificates allow for the usage of Secure Network Communications (SNC) and Secure Socket Layer (SSL). https://store.theartofservice.com/the-single-sign-on-toolkit.html

16 Public key infrastructure - Temporary certificates and single sign-on 1 This approach involves a server that acts as an online certificate authority within a single sign-on system. A single sign-on server will issue digital certificates into the client system, but never stores them. Users can execute programs, etc. with the temporary certificate. It is common to find this solution variety with X.509-based certificates.Single Sign-On Technology for SAP Enterprises: What does SAP have to say? [http://www.secude.com/html/?id=1890] https://store.theartofservice.com/the-single-sign-on-toolkit.html

17 Univention Corporate Server - Single sign-on 1 With help of the identity provider, a single sign-on functionality for third party web services and applications (e.g., Google Apps, Salesforce.com etc.) can be realized while the authentication is done at the identity provider itself https://store.theartofservice.com/the-single-sign-on-toolkit.html

18 For More Information, Visit: https://store.theartofservice.co m/the-single-sign-on- toolkit.html https://store.theartofservice.co m/the-single-sign-on- toolkit.html The Art of Service https://store.theartofservice.com

Download ppt "Single Sign-On https://store.theartofservice.com/the-single-sign-on-toolkit.html."

Similar presentations

Secure Single Sign-On Across Security Domains

Secure Single Sign-On Across Security Domains
Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.

Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.
ControlSphere is a computer security and automation solution designed to protect user data and automate most of authentication tasks for the user at work.

ControlSphere is a computer security and automation solution designed to protect user data and automate most of authentication tasks for the user at work.
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
 Physical Logical Access  Physical and Logical Access  Total SSO and Password Automation  Disk/Data Encryption  Centralized management system  Biometric.

 Physical Logical Access  Physical and Logical Access  Total SSO and Password Automation  Disk/Data Encryption  Centralized management system  Biometric.
A Public Web Services Security Framework Based on Current and Future Usage Scenarios J.Thelin, Chief Architect PJ.Murray, Product Manager Cape Clear Software.

A Public Web Services Security Framework Based on Current and Future Usage Scenarios J.Thelin, Chief Architect PJ.Murray, Product Manager Cape Clear Software.
SINGLE SIGN-ON. Definition - SSO Single sign-on (SSO) is a session/user authentication process that permits a user to enter one name and password in order.

SINGLE SIGN-ON. Definition - SSO Single sign-on (SSO) is a session/user authentication process that permits a user to enter one name and password in order.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
Web Services Security Multimedia Information Engineering Lab. Yoon-Sik Yoo.

Web Services Security Multimedia Information Engineering Lab. Yoon-Sik Yoo.
Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.

Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.
Alcatel Identity Server Alcatel SEL AG. Alcatel Identity Server — 2 All rights reserved © 2004, Alcatel What is an Identity Provider?  

Alcatel Identity Server Alcatel SEL AG. Alcatel Identity Server — 2 All rights reserved © 2004, Alcatel What is an Identity Provider?  
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Single-Sign On and Federated Identity.

Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Single-Sign On and Federated Identity.

Similar presentations

Ads by Google