Single Sign-On (SSO) — A Glimpse
- Are you a person who accesses several apps per day?
- Do you click the “Forgot Password?” button of these apps more frequently than the sign in button?
- Do you refrain from writing down passwords on pieces of papers because you’re paranoid about your password falling into the the hands of anti-heroes or aliens?
If your responses to the above questions are yes, yes and yes, you’re at the right place. I shall start with an assuring “You’re not alone in this battle”.
When you handle a number of logins each day, you tend to mess up their passwords or even worse, forget them altogether. Having the same credentials for all the applications that you use is not the best practice either.
Let’s be selfless human beings for a second and think of the people who maintain these applications. Do you think they enjoy maintaining your passwords, especially when they have to reset it for the forgetful you on a frequent basis?
The solution for this never-ending struggle is Single Sign-On. Single Sign-on lets you log in to multiple applications using the credentials you provided once. How cool is that? This means, when you log in to one application and provide your credentials, any login to another application does not nag you for a password.
To understand how this happens we need to know the following keywords.
- User — Well, nothing much to elaborate here. It’s just you — the forgetful you, who wants access to certain applications.
- Service Provider — These are basically the applications that you want to access. The service providers trust the identity provider, when it says you are eligible to be granted access or not.
3. Identity Provider — This is a trusted system that authenticates you (the user) on behalf of your service providers.
When a user wants to access a service provider, the service provider gets in touch with his friend, the identity provider and asks “hey, is this user a YES?”. Only if the identity provider confirms that this user is good to enter, the user is permitted to access the app. This process is called authentication. Simply put, it is determining whether the user is really who he or she claims to be.
In the same way, multiple apps can contact the identity provider and allow user accesses without asking them to log in every other time. One thing that we should keep in mind is that SSO is session-based, where the authentication domain acts as the central domain and shares its session with all the other applications’ domains. When the user tries to log in to an application domain, he or she is redirected to the central domain. Since the user is already authenticated by the central domain, he or she is now free to access this application as well. Tadaa!
Like any other cool and convenient system in existence, SSO also has one major drawback which is the central point of access created. If somebody manages to penetrate into that safe zone, he will have access to the user’s various apps. Nevertheless, social apps have started acting as identity providers allowing users to access other applications via theirs. You might have definitely come across a “continue with facebook” or “sign in with google” in your online life.
A classic example of an elegant SSO is Google. Go to www.google.com and sign in with your google credentials. Now when you try to enter other associated applications like Gmail or drive, you wouldn’t be asked to enter your credentials over and over again.
WSO2 Identity Server is another easy-to-use identity provider which allows you to log in to other applications with immense convenience and more importantly utmost security.
Hope you got a glimpse of how awesome an SSO system can be.
Let’s talk more about how SSO strives to impress us with its features in the next blog!