Questions tagged [sso]

Single Sign-On is when a user can use the same set of authentication credentials to access multiple different services.

  • Single sign-on is a concept under Federated Identity Management. It solves the end user's problem of maintaining different sets of credentials for different web services.
  • With the help of an authentication token generated by an Identity Provider, the user may access multiple different services in the same web session without re-entering his or her credentials for every service.
  • One of the popular SSO standards is Security Assertion Markup Language (SAML), which is the backbone of many SSO solutions on the market.
  • Many big players like Facebook, Google and Yahoo also provide Federated Identity services.
159 questions
37 votes, 5 answers

Why do I need Kerberos when I could just use a username and password to access services?

I have read that Kerberos is used for authenticating users who wish to access services on various servers in an enterprise network, but I still do not understand the purpose of Kerberos. Why doesn't the system admin just create a user account for…
Minaj
35 votes, 8 answers

Why don't some services offer Google/Facebook/Apple/Twitter login

Why don't some services offer Google/Facebook/Apple/Twitter login? Namely Crypto exchanges. I assume they want as many users as possible & this is a great way to get more. Is there some sort of security vulnerability associated with them? Edit: For…
Trevor Wood
23 votes, 6 answers

How to set up a single sign-on for multiple domains?

I've set up a single-sign-on for two of our sites that live on the same domain: a.domain.com and b.domain.com I did it through cookies, but they are domain-dependent. And - as it is written in the Great Book - now the need for single-sign-on on…
samy
21 votes, 7 answers

Appropriate password requirements for a login (OpenID) service/provider/delegate/thing

This is with regards* to Stack Exchange's upcoming OpenID provider (and in particular, discussion about password requirements). Currently, password requirements are: Must contain 3 of: lower case character, upper case character, number, special…
Kevin Montrose
16 votes, 4 answers

How is SAML solving the cross domain single sign-on problem?

Let's say I have two websites that live on separate domains, and their service providers both talk to the same identity provider on a third domain. I log into the first website and authenticate, and now I decide to visit the second website. The…
user3127
16 votes, 2 answers

Why is OpenID considered secure when password reuse is not?

OpenID allows you to use your e.g. Google/Facebook/Microsoft account to log into a third party website. It can be used to log into Stack Exchange. Why is this considered an acceptable practice, while password reuse is not? Does it not amount to…
JonnyWizz
15 votes, 4 answers

How do the STS token formats compare to each other SAML vs SWT vs JWT?

I'm configuring an Azure ACS STS and would like to know if there is any impact on security based on the following token formats or how they are used. The answers to this question should apply to other STSs such as CA Siteminder, Ping Identity,…
makerofthings7
14 votes, 4 answers

How does SSO enhance security?

The following quote is from the CompTIA Security+ guide: Single sign-on enhances security by requiring users to use and remember only one set of credentials for authentication. How is that enhancing security? The way I see it is that it's rather…
Ulkoma
14 votes, 4 answers

SSO - What should happen when the user clicks "Log out"

We are adding the ability for enterprises to configure login to our web application via external single-sign-on providers (initially via WS-FED, however, future versions will support additional protocols). Username/password authentication will also…
Justin
13 votes, 1 answer

SAML, and forcing a re-authentication

I have a use case forced upon me by industry regulation. I wish it wasn't there, but it is. A user logs in to my service, navigates around, etc. The user can perform many actions, but one of the actions requires (by industry regulation) that the…
Alan C.
12 votes, 1 answer

SAML 2.0 IdP metadata security

Identity Providers (IdP) often provide a metadata file that is used when setting up SAML. This file needs to be entered into a Service Provider (SP). Do we need to keep this metadata file private and secure? Or is the information within it all safe…
Ben McCann
12 votes, 2 answers

How does OpenID implement single sign-on?

I'm wondering which security model is behind OpenID. Is it anything like Kerberos?
user705414
12 votes, 2 answers

How to implement cross-domain, auto-login SSO without browser redirects for unlogged users?

I need to implement an SSO solution with the following requirements: Cross-domain: Let's assume I have a.com, b.com and sso.com. If I become logged in through a.com, I shouldn't need to login when I visit b.com. Centralized: Unlogged user clicking…
Jan Żankowski
12 votes, 2 answers

Definition of "passive" and "active" authentication?

I came across the concepts of passive authentication and active authentication in my work related to SAML 2.0 single-sign-on integration. I tried very hard to find a clear, generic definition and a proper explanation on these two concepts but almost…
Chiranga Alwis
10 votes, 3 answers

How to achieve seamless SSO without having the user log in again (SAML 2.0 & ADFS using OpenSSO)

We need to implement seamless SSO with ADFS SAML 2.0 using OpenSSO & we plan to go with IdP initiated GET binding. The user in client network will log in to ADFS with Windows credentials once every morning. Thereon, whenever he accesses our…
user36009