Single Sign On (SSO)
Single sign on is an authentication process that allows a user to access multiple applications with one set of login credentials. That means once you log in you do not have to login repeatedly for every application link to the system. Single sign on is platform independent and helps in providing a better user experience.SAML 2.0
SSO services uses security assertion mark-up language (SAML 2.0) which is an XML standard that facilitates the exchange of user authentication and authorization of data across secure domains. SAML simplifies the authentication and authorization process for the user, an identity provider and a service provider. When the user attempts to access an application, the service provider will send a request to identity provider for authentication.Lightweight Directory Access Protocol(LDAP)
LDAP is a lightweight directory access protocol. In simple words, its hierarchical database where data is stored in a tree-like structure where the leaf node holds actual data. Some familiar products which use LDAP are Microsoft Active Directory, IBM Tivoli Server, Oracle Directory, JNDI, Open LDAP.
LDAP authentication can be called as authenticating the user using LDAP server such as active directory.
Suppose there is a software organization having more than 50 employees and they want a centralized repository to control their resource such as users, computers. Only a certain user should be allowed to access highly secure computers. It can be achieved using an active directory(LDAP) where only an authenticated user can gain access to the secure system.Benefits of single sign on
SSO reduces risk for access to third party sites (user passwords not stored externally). It also alleviate password fatigue from different user name and password combinations. Reduces IT cost due to lower number of IT help desk calls about password. Reduces time spent re-entering password for the same identity.
pCloudy has included this feature in the on premise device cloud. This makes it easier for the app testers as they can sign in into different applications with one set of credentials. Single sign on helps testers save time and effort by a more simplified authentication process.pCloudy SSO integration architecture
Sequence of events for integration of SAML 2.0 Authentication
- The user attempts to reach a web application at a service provider (SP i.e pCloudy Set Up).
- The service provider generates a SAML request and redirects the user to the IdP's SSO URL with the generated request.
- The IdP authenticates the user and generates a SAML response.
- The user is redirected back to the SP with the SAML response.
- The SP verifies the SAML response.
- The user is successfully logged-in to the SP's web application.
SAML assertion is the XML document that the identity provider sends to the service provider, that contains user authorization. There are Three types of SAML assertion:
Authentication assertion - It proves identification of the user and provide the time the user logged in and what method of authentication they used.
Attribute assertion - It passes the SAML attributes to the service provider. SAML attributes are specific pieces of data that provide information about the user.
Authorization decision assertion - It says if the user is authorized to use the services or if the identity provider denied the request due to password failure or lack of rights of the service.
SSO solves the problem of managing the increasing number of users across an ecosystem of application and services. It is a step forward in the optimization of pCloudy integrated architecture.