) Single Point login SSO principle Introduction

Source: Internet
Author: User

SSO is a very big topic. I have deep feelings about this topic. Since the establishment of the Guangzhou usergroup Forum, countless netizens have tried to use the open-source CAS, kerberos also provides another way of SSO, that is, SSO Based on Windows domains, and SAML, which has been booming since 2005.

For example, there is a gap between these free SSO solutions and commercial Tivoli, SiteMinder, and RSA Secure SSO products. After all, the security and user experience of commercial products are unparalleled. The SSO we mentioned now is only web SSO, that is, web-SSO is reflected in the client; the other is desktop SSO, for example, you only need to log on to Windows 2000 as Administrator once, so that I can skip the logon process when using MSN/QQ (note that this is not the password memory function of the client software ), it is a type of proxy User Password Input Function. Therefore, desktop SSO is reflected at the OS level. Today, when we mention SSO, we usually refer to Web SSO, which is mainly characterized by web protocols (such as HTTP/SSL) between SSO applications ), SSO has only one logon portal. In a simple SSO system, there are three roles: 1, user (multiple) 2, web application (multiple) 3, And sSo authentication center (one) although the SSO implementation mode is strange, it cannot be changed: l Web applications do not process user logon; otherwise, multiple logins are performed, and all logins are performed in the SSO authentication center. L The SSO authentication center uses some methods to tell the web application whether the current user is Zhang San/Li Si. L The SSO authentication center establishes a trust relationship with all web applications. The SSO authentication center determines whether a user's identity is correct and informs the web application in some way, the results must be trusted by web applications.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.