Tuesday, April 28, 2009

Single Sign-On Overview

Today lets discover Single Sign-On (SSO) like why its used , advantages of using it , what all different type of applications can use SSO including technical details of SSO .

What is Single Sign-On Server (SSO) ?
As name says Single-Sign On Server is set of services (Software) which enables login to Application once which will allow you to login to Ppartner Applications with no need to login again. Lets assume I have configured single SSO Server for Portal , E-Business Suite, Collaboration Suite plus some other other applications, Now if I login to any one of them & after that if I wish to login to other applications I should be able to login without supplying passwords again.

How will I log off then ?
This is called as Single Sign-Off which is part of SSO server , If you logout from any one application SSO server will log off from all applications.

What are Technology Stack components of SSO Server ?
SSO consist of OC4J_Security & HTTP Server which are part of Oracle Identity Management which inturn part of Oracle Infrastructure Server which in turn part of Oracle Application Server. SSO server uses Oracle Internet Directory to store User Credentials in encrypted format for Partner Applications . If some one ask you to bounce SSO server , you bounce either of them or both . Oracle components uses mod_osso which is part of Oracle HTTP Server to connect to SSO server.

Partner Application & External Applications ?
As mentioned above lot of time about Partner Applications ; Partner Applications are the one which delegates their authentication to SSO server (like Portal, Discoverer, E-Business Suite, Collaboration Suite) where as External Applications are applications which don't delegate their authentication to SSO Server (like yahoo, google, hotmail applications).
What does delegating Authentication means here ? Delegating authentication means partner application will ask sso to verify if a user is authenticated properly or not where as external application will check username/password at their end sso server will simply hold username/password in OID (If users select remember external application password)

Request Flow when SSO is used ...
Very important to understand request flow when a application is configured with SSO & user tries to access Application .
1) User first time tries to access application (like portal, collabsuite, apps 11i) configured with sso server
2) Application checks that there is no login cookie set into User(Clients) browser so Application redirects it to Single Sign-On Server via mod_osso
3) Single Sign-On Server returns login page to user & user enter his/her username/password
4) SSO validates these password against one stored in Oracle Internet Directory
5) If password matches then SSO return a token to client with list of all applications which user has access and return client back to original application
6) This token is stored as part of cookie in user's/client's browser & further connections from client to applications will be allowed (as authentication token is already in cookie)

Do you know how to access Single Sign-On server from browser or what is SSO URL ?
Lot more on OID & Identity Management including IM Cluster coming soon ...

No comments:

Post a Comment