Topic

Single sign-on

About: Single sign-on is a research topic. Over its lifetime, 1036 publications have been published within this topic, receiving 15240 citations. The topic is also known as: SSO.


Papers
Patent
30 Apr 1997
TL;DR: In this paper, the authors propose a secure single sign-on (SSO) protocol in a distributed networked environment, which can be implemented and integrated into an existing network platform or used as the backbone protocol to new network installations.
Abstract: A secured network permits a single sign-on ("SSO") of users to a plurality of network elements. Data structures, procedures and system components that support the SSO functionality in a distributed networked environment are included in the secured network. The SSO functionality can be implemented and integrated into an existing network platform or used as the backbone protocol to new network installations. DCE-based features as well as ERA and EAC can be utilized as the foundation for the implementation. The SSO functionality may be implemented and integrated without requiring significant low level development or major modifications in a network.

387 citations

Patent
Darien Wood, Derk Norton, Paul Weschler, Chris Ferris, Yvonne Wilson
31 Jul 2000
TL;DR: In this article, a single sign-on is provided for multiple information resources by associating trust-level requirements with information resources and associating authentication schemes (e.g., passwords, certificates, biometric techniques, smart cards, etc.) with trust levels.
Abstract: A security architecture has been developed in which a single sign-on is provided for multiple information resources. Rather than specifying a single authentication scheme for all information resources, the security architecture associates trust-level requirements with information resources. Authentication schemes (e.g., those based on passwords, certificates, biometric techniques, smart cards, etc.) are associated with trust levels and a log-on service (e.g., 120) obtains credentials for an entity commensurate with the trust-level requirement(s) of one or more information resources (e.g., 191, 192, 193) to be accessed. Once credentials have been obtained for an entity (e.g., 170) and the entity has been authenticated to a given trust level, access is granted, without the need for further credentials and authentication, to information resources for which the authenticated trust level is sufficient.

288 citations

Proceedings ArticleDOI
27 Oct 2008
TL;DR: This paper provides formal models of the protocol corresponding to one of the most applied use case scenarios (the SP-Initiated SSO with Redirect/POST Bindings) and of a variant of the protocol implemented by Google and currently in use by Google's customers (the SAML-based SSO for Google Applications), and mechanically analyses these formal models with SATMC, a state-of-the-art model checker for security protocols.
Abstract: Single-Sign-On (SSO) protocols enable companies to establish a federated environment in which clients sign in to the system once and yet are able to access services offered by different companies. The OASIS Security Assertion Markup Language (SAML) 2.0 Web Browser SSO Profile is the emerging standard in this context. In this paper we provide formal models of the protocol corresponding to one of the most applied use case scenarios (the SP-Initiated SSO with Redirect/POST Bindings) and of a variant of the protocol implemented by Google and currently in use by Google's customers (the SAML-based SSO for Google Applications). We have mechanically analysed these formal models with SATMC, a state-of-the-art model checker for security protocols. SATMC has revealed a severe security flaw in the protocol used by Google that allows a dishonest service provider to impersonate a user at another service provider. We have also reproduced this attack in an actual deployment of the SAML-based SSO for Google Applications. This security flaw of the SAML-based SSO for Google Applications was previously unknown.

282 citations

Patent
23 Sep 1996
TL;DR: In this paper, an authentication broker is provided within the distributed computing network to authenticate an authorized user to multiple computer servers within a distributed computing environment after a single network sign-on.
Abstract: A method for authenticating an authorized user to multiple computer servers within a distributed computing environment after a single network sign-on is disclosed. In accordance with the method and system of the present invention, an authentication broker is provided within the distributed computing network. The authentication broker first receives an authentication request from a workstation. After a determination that the authentication request is valid, the authentication broker then issues a Kerberos Ticket Granting Ticket to the workstation. At this point, if there is a request by the workstation for accessing a Kerberos Ticket-based server within the distributed computing network, the authentication broker will issue a Kerberos Service Ticket to the workstation. Similarly, if there is a request by the workstation for accessing a passticket-based server within the distributed computing network, the authentication broker will issue a passticket to the workstation. Finally, if there is a request by the workstation for accessing a password-based server within the distributed computing network, the authentication broker will issue a password to the workstation. By this, accesses to all of the above servers within the distributed computing network can be granted via a single network authentication request.

267 citations

Patent
13 Dec 2013
TL;DR: In this paper, the authors propose an architecture in which multiple devices function as a coherent whole, with each device taking on distinct functions that are complementary to one another.
Abstract: Aspects described herein allow multiple devices to function as a coherent whole, allowing each device to take on distinct functions that are complementary to one another. Aspects described herein also allow the devices to function as a coherent whole when interconnected devices and their respective applications are configured to operate in various operation modes, when management policies are employed to control the operation of the interconnected devices and their respective applications, when transferring content between the interconnected devices and storing the content at those devices, when obtaining access credentials for the interconnected devices that enable the devices to access enterprise resources, when a policy agent applies management policies to control operation of and interaction between the interconnected devices, and when the interconnected devices are used to access an enterprise application store.

267 citations


Network Information
Related Topics (5)
Authentication: 74.7K papers, 867.1K citations, 80% related
Cloud computing security: 27.1K papers, 511.8K citations, 80% related
Public-key cryptography: 27.2K papers, 547.7K citations, 79% related
Encryption: 98.3K papers, 1.4M citations, 79% related
Cryptography: 37.3K papers, 854.5K citations, 79% related
Performance Metrics
No. of papers in the topic in previous years

Year    Papers
2023    12
2022    35
2021    21
2020    40
2019    53
2018    62