Вы находитесь на странице: 1из 35

Single Sign On

DEEPTHI T. DINESH J. KARTHIK R.

KARTHIKEYAN L.
NAVEEN M. RAGHU PRIYA A.

Introduction
Single sign-on is a user/session authentication process that permits a user to enter one name and password in order to access multiple applications. Authenticates the user for all the applications they have been given rights to and eliminates further prompts

In Client/Server relationship
In any client/server relationship, single sign-on is a session/user authentication process that permits a user to enter one name and password in order to access multiple applications.

In E-commerce
In e-commerce, the single sign-on is designed to centralize consumer financial information on one servernot only for the consumer's convenience, but also to offer increased security by limiting the number of times the consumer enters credit card numbers or other sensitive information used in billing.

By capacity:
Holy Grail Enterprise Synchronization Web SSO Cross Domain Federated SSO

By capacity:
Holy Grail Enterprise Synchronization Web SSO Cross Domain Federated SSO

One identity eg. windows logon

By capacity:
Holy Grail Enterprise Synchronization Web SSO Cross Domain Federated SSO
a.k.a "Login automation" , After primary authentication, it intercepts further login prompts and fills them for you

By capacity:
Holy Grail Enterprise Synchronization Web SSO Cross Domain Federated SSO
Most common. a.k.a "same sign on"

By capacity:
Holy Grail Enterprise Synchronization Web SSO Cross Domain Federated SSO
Allows users to use a s ingle username and password to access different applications

By capacity:
Holy Grail Enterprise Synchronization Web SSO Cross Domain Federated SSO
Linking a person's electronic identity and attributes, stored across multiple distinct identity management systems

By capacity:
Holy Grail Enterprise Synchronization Web SSO Cross Domain Federated SSO
Multiple realms; user authenticated in one realm gets signed-on to an application using another realm

By Platform:

By Platform
Unix, Linux & Mac Java Applications Web Applications DB2 Other Databases

By Platform:

Eliminate identities, passwords and logons across the entire range of Unix, Linux and Mac systems for true AD-based, single sign-on secured by Kerberos.

Unix, Linux & Mac

Java Applications

Web Applications

DB2

Other Databases

By Platform:

Eliminate identities, passwords and logons across custom Java applications for true AD-based single sign-on secured by Kerberos.

Unix, Linux & Mac

Java Applications

Web Applications

DB2

Other Databases

By Platform:

Secure reverse-proxy architecture that protects important resources to ensure only appropriate remote access using AD-based SSO.

Unix, Linux & Mac

Java Applications

Web Applications

DB2

Other Databases

By Platform:
Quest provides Active Directory-based SSO for DB2, eliminating the need to create, manage and maintain separate identities, passwords and authentication mechanisms for both DB2

Unix, Linux & Mac

Java Applications

Web Applications

DB2

Other Databases

By Platform:

Quest provides Active Directory-based enterprise SSO (login automation) for any database that requires a password for authentication.

Unix, Linux & Mac

Java Applications

Web Applications

DB2

Other Databases

By Product
Authentication Services
improve operational efficiency with centralized authentication and single sign-on, as well as unify identities and consolidate directories for simplified identity and access management.

Password Manager

enables the end user to reset forgotten passwords securely, allowing administrators to implement stronger password policies while reducing the help desk workload

Webthority

provides secure access to critical web resources while protecting systems from direct exposure.

Defender Single Sign-on for JavaEnterprise Single Sign-onSingle Sign-on for NetWeaver

provides secure access to critical web resources while protecting systems from direct exposure.

Defender enhances security by enabling two-factor authentication to network, Web and applications-based resources.

It improves efficiency, enhances security and delivers compliance by using Active Directory for Java applications on any Web server or technology platform.

By Product
Authentication Services
improve operational efficiency with centralized authentication and single sign-on, as well as unify identities and consolidate directories for simplified identity and access management.

Password Manager

enables the end user to reset forgotten passwords securely, allowing administrators to implement stronger password policies while reducing the help desk workload

Webthority

provides secure access to critical web resources while protecting systems from direct exposure.

Defender Single Sign-on for JavaEnterprise Single Sign-onSingle Sign-on for NetWeaver

provides secure access to critical web resources while protecting systems from direct exposure.

Defender enhances security by enabling two-factor authentication to network, Web and applications-based resources.

It improves efficiency, enhances security and delivers compliance by using Active Directory for Java applications on any Web server or technology platform.

By Product
Authentication Services
improve operational efficiency with centralized authentication and single sign-on, as well as unify identities and consolidate directories for simplified identity and access management.

Password Manager

enables the end user to reset forgotten passwords securely, allowing administrators to implement stronger password policies while reducing the help desk workload

Webthority

provides secure access to critical web resources while protecting systems from direct exposure.

Defender Single Sign-on for JavaEnterprise Single Sign-onSingle Sign-on for NetWeaver

provides secure access to critical web resources while protecting systems from direct exposure.

Defender enhances security by enabling two-factor authentication to network, Web and applications-based resources.

It improves efficiency, enhances security and delivers compliance by using Active Directory for Java applications on any Web server or technology platform.

By Product
Authentication Services
improve operational efficiency with centralized authentication and single sign-on, as well as unify identities and consolidate directories for simplified identity and access management.

Password Manager

enables the end user to reset forgotten passwords securely, allowing administrators to implement stronger password policies while reducing the help desk workload

Webthority

provides secure access to critical web resources while protecting systems from direct exposure.

Defender Single Sign-on for JavaEnterprise Single Sign-onSingle Sign-on for NetWeaver

provides secure access to critical web resources while protecting systems from direct exposure.

Defender enhances security by enabling two-factor authentication to network, Web and applications-based resources.

It improves efficiency, enhances security and delivers compliance by using Active Directory for Java applications on any Web server or technology platform.

By Product
Authentication Services
improve operational efficiency with centralized authentication and single sign-on, as well as unify identities and consolidate directories for simplified identity and access management.

Password Manager

enables the end user to reset forgotten passwords securely, allowing administrators to implement stronger password policies while reducing the help desk workload

Webthority

provides secure access to critical web resources while protecting systems from direct exposure.

Defender Single Sign-on for JavaEnterprise Single Sign-onSingle Sign-on for NetWeaver

provides secure access to critical web resources while protecting systems from direct exposure.

Defender enhances security by enabling two-factor authentication to network, Web and applications-based resources.

It improves efficiency, enhances security and delivers compliance by using Active Directory for Java applications on any Web server or technology platform.

By Product
Authentication Services
improve operational efficiency with centralized authentication and single sign-on, as well as unify identities and consolidate directories for simplified identity and access management.

Password Manager

enables the end user to reset forgotten passwords securely, allowing administrators to implement stronger password policies while reducing the help desk workload

Webthority

provides secure access to critical web resources while protecting systems from direct exposure.

Defender Single Sign-on for JavaEnterprise Single Sign-onSingle Sign-on for NetWeaver

provides secure access to critical web resources while protecting systems from direct exposure.

Defender enhances security by enabling two-factor authentication to network, Web and applications-based resources.

It improves efficiency, enhances security and delivers compliance by using Active Directory for Java applications on any Web server or technology platform.

By Product
Authentication Services
improve operational efficiency with centralized authentication and single sign-on, as well as unify identities and consolidate directories for simplified identity and access management.

Password Manager

enables the end user to reset forgotten passwords securely, allowing administrators to implement stronger password policies while reducing the help desk workload

Webthority

provides secure access to critical web resources while protecting systems from direct exposure.

Defender Single Sign-on for JavaEnterprise Single Sign-onSingle Sign-on for NetWeaver

provides secure access to critical web resources while protecting systems from direct exposure.

Defender enhances security by enabling two-factor authentication to network, Web and applications-based resources.

It improves efficiency, enhances security and delivers compliance by using Active Directory for Java applications on any Web server or technology platform.

Legacy Approach to User Sign-on to Multiple Systems

How does it work?

Single User Sign-On To Multiple Services

Advantages
Reduced operational cost Reduced time to access data, e.g. ER Improved user experience, no password lists to carry Advanced security to systems Strong authentication
One Time Password devices Smartcards

Ease burden on developers Centralized management of users, roles Fine grained auditing Effective compliance (SOX, HIPPA)

Password synchronization
The password synchronization is the process of changing each password for different applications to the same value, so that the user always enters the same password. Once you install password synchronization software, users will enter the same password when they login to any of the synchronized systems, such as to their network, finance system, e-mail, calendar or the mainframe.

Password synchronization VS Single sign-on


Password Synchronization Process Simply changes all applications to the same password. User continues to login to each of those applications separately, but uses same password. Several times depends on the application required Single Sign-on

Use single username and password to sign in to one site, the client authentication of other site done by specific server Once for every domain

Login times

Password synchronization VS Single sing-on (con)


Manage credential data Manage passwords only, Use specific protocol to manage the client authentication and the secrete information Only one password, can make very secure Can encrypt to the sensitive data and send it by the SSL save channel

Weak password

Can only match the policy of the weakest system Once one application is compromised, all the other applications can be accessed, the sensitive data will be obtained.

Security

Pros and cons