Understanding SSO concepts
To understand SSO, it helps to first look at how authentication architectures evolved.
1) Simple authentication architecture (without SSO)
- There is a client (the user, working in a browser).
- There is a server (the application's own web server).
- The client requests the login page and enters the credentials.
- The server authenticates the credentials against its own database (which should hold only salted password hashes, never plaintext passwords).
- Once authentication succeeds, the server sets a session cookie in the browser, and every later request is tied to that session instead of re-sending the credentials.
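As an added illustration (not code from the original page), here is a minimal Python version of this architecture: a constructed in-memory user table stands in for the database, passwords are stored as salted PBKDF2 hashes, the login check runs the same work whether or not the username exists, and a random session identifier is handed back as the cookie and looked up again on later requests. The iteration count, cookie name and session lifetime are assumptions made for the example.

```python
import hashlib
import hmac
import os
import secrets
import time

PBKDF2_ITERATIONS = 200_000   # assumption for the example; raise it for production use
SESSION_TTL = 900             # seconds; assumption for the example


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def create_user(db: dict, username: str, password: str) -> None:
    """Store a per-user random salt and the derived hash; the plaintext is never kept."""
    salt = os.urandom(16)
    db[username] = {"salt": salt, "hash": _hash_password(password, salt)}


# Dummy record used for unknown usernames so a failed login takes the same time either way
# (otherwise response time would reveal which usernames exist).
_DUMMY = {"salt": b"\x00" * 16, "hash": b"\x00" * 32}


def login(db: dict, sessions: dict, username: str, password: str, now=None):
    """Authenticate against the DB; on success create a session and return the Set-Cookie value."""
    record = db.get(username, _DUMMY)
    candidate = _hash_password(password, record["salt"])      # always computed
    if username not in db or not hmac.compare_digest(candidate, record["hash"]):
        return None
    sid = secrets.token_urlsafe(32)                            # random, unguessable session id
    sessions[sid] = {"user": username, "expires": (now or time.time()) + SESSION_TTL}
    # HttpOnly keeps scripts away from it, Secure keeps it off plain HTTP, SameSite limits CSRF.
    return f"session={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"


def user_for_cookie(sessions: dict, cookie_header: str, now=None):
    """Map the Cookie header of a later request back to the logged-in user, or None."""
    now = now or time.time()
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name != "session":
            continue
        session = sessions.get(value)
        if session is None:
            return None
        if now >= session["expires"]:
            del sessions[value]          # expired: drop it and treat the request as logged out
            return None
        return session["user"]
    return None
```

The browser sends back only the `session=<id>` pair, not the attributes, which is why `user_for_cookie` parses the Cookie header rather than the Set-Cookie string; the session identifier carries no user data itself, the server-side table does.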
2) Generic SSO architecture
- The first request to the web application is redirected to the Identity Provider (IdP) login page.
- The user enters the credentials in the browser and receives a token from the IdP.
- The token is sent (via the browser) to the web application.
- The web application has a trust relationship with the IdP, set up out of band: it holds a key from the IdP (typically the IdP's public signing key, sometimes a shared secret) and uses it to check the validity of the token. A valid signature alone is not enough; the application must also check that the token was issued by the expected IdP, is addressed to this application, and has not expired.
- Once validation succeeds, the web application sets its own session cookie in the browser and the user is logged in to the application without having entered credentials there.
3) Understanding the Protocols
Now that the basic SSO mechanism is clear, the next step is to understand the underlying authentication protocols.
Whenever SSO comes up we hear about SAML, OpenID Connect, OAuth 2.0, OIDC and so on.
Let's sort these out:
- First, OpenID Connect and OIDC are the same protocol (OIDC is simply the abbreviation), so there is nothing to be confused about there.
- Second, OAuth 2.0 is an authorization protocol: it lets a user grant an application scoped access to resources, expressed as an access token. OIDC is an authentication protocol: it tells the application who the user is. An access token on its own is not proof of the user's identity.
- Third, OIDC is built on top of OAuth 2.0. It adds an ID token, a signed JSON Web Token (JWT) that authenticates the user and conveys information (claims) about them, such as the subject identifier, issuer, audience and expiry.
- SAML is XML-based (signed XML assertions); OIDC is JSON-based (signed JWTs).
- SAML is the older of the two, so it is mature and widely supported in enterprise products, but it is also complex (XML parsing, XML Signature and canonicalization are hard to implement correctly).
- SAML is often described as the more battle-hardened choice for enterprise federation, but both protocols can be deployed securely. In practice the security of a deployment depends far more on the implementation (strict signature validation, issuer and audience checks, expiry and replay protection) than on which protocol is chosen.
- OIDC is the more developer-friendly of the two and is simpler to implement, especially for mobile apps and single-page applications.
So the gist is: both SAML and OIDC provide identity authentication, which is why both are used to implement SSO.
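The following Python block is an added example, not code from the original page, and it covers both the generic SSO flow from section 2 and the OAuth 2.0 / OIDC distinction from section 3. A stand-in IdP issues an OIDC ID token (who the user is) together with an OAuth 2.0 access token (what the app may do at an API); the web application verifies the ID token's signature with the key it holds from the IdP and checks issuer, audience, expiry and nonce before setting its own session cookie; a separate resource server checks the access token's scope and refuses the ID token. The JWTs are built with the standard library only and signed with HS256 (a shared secret) to keep the block short; real IdPs publish RSA/EC public keys and use RS256/ES256, but the claim checks are identical. The issuer URL, client ID, API audience, scope name and key are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Assumed values for the example (hypothetical IdP, web app and API).
IDP_KEY = b"demo-shared-hs256-key-not-for-production"   # real IdPs: RS256/ES256 public keys via JWKS
ISSUER = "https://idp.example"
CLIENT_ID = "webapp-123"            # the web application's registration at the IdP
API_AUDIENCE = "https://api.example"
SESSION_TTL = 900                   # seconds


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jwt_sign(claims: dict, key: bytes) -> str:
    """Mint a compact JWS (header.payload.signature) with HS256."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def jwt_verify(token: str, key: bytes) -> dict:
    """Check the signature and return the claims; raise ValueError on any failure."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token") from None
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: the verifier decides, never the token ("alg": "none" / key confusion).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(payload_b64))


# --- IdP side: after the user logs in, issue an OAuth 2.0 access token and an OIDC ID token.
def idp_issue_tokens(user: str, nonce: str, now: int) -> dict:
    base = {"iss": ISSUER, "iat": now, "exp": now + 300, "sub": user}
    # ID token (OIDC): identity claims, addressed to the web app, bound to this login attempt by the nonce.
    id_token = jwt_sign({**base, "aud": CLIENT_ID, "nonce": nonce}, IDP_KEY)
    # Access token (OAuth 2.0): what the app may do, addressed to the API; it carries no login semantics.
    access_token = jwt_sign({**base, "aud": API_AUDIENCE, "scope": "profile:read"}, IDP_KEY)
    return {"id_token": id_token, "access_token": access_token, "token_type": "Bearer"}


# --- Web application (relying party) side.
def rp_validate_id_token(id_token: str, expected_nonce: str, now: int) -> dict:
    claims = jwt_verify(id_token, IDP_KEY)          # signature: checked with the key from the IdP
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")             # issued by the IdP we trust?
    if claims.get("aud") != CLIENT_ID:
        raise ValueError("not issued for this app")  # rejects access tokens and other apps' ID tokens
    if now >= claims.get("exp", 0):
        raise ValueError("expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")           # replay, or a token from another login attempt
    return claims


def id_token_ok(id_token: str, expected_nonce: str, now: int) -> bool:
    try:
        rp_validate_id_token(id_token, expected_nonce, now)
        return True
    except ValueError:
        return False


def rp_login(tokens: dict, expected_nonce: str, now: int, sessions: dict) -> str:
    """Validate the ID token, then set the app's own session cookie (last step of section 2)."""
    claims = rp_validate_id_token(tokens["id_token"], expected_nonce, now)
    sid = secrets.token_urlsafe(32)
    sessions[sid] = {"user": claims["sub"], "expires": now + SESSION_TTL}
    return f"session={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"


# --- Resource server side: the access token authorizes API calls; it does not log anyone in.
def api_authorize(access_token: str, required_scope: str, now: int) -> bool:
    try:
        claims = jwt_verify(access_token, IDP_KEY)
    except ValueError:
        return False
    return (claims.get("aud") == API_AUDIENCE
            and now < claims.get("exp", 0)
            and required_scope in claims.get("scope", "").split())
```

The audience check is what keeps the two token types apart: the access token is signed by the same IdP with the same key, yet `rp_validate_id_token` refuses it because its `aud` is the API, and `api_authorize` refuses the ID token for the mirror-image reason. The nonce is generated by the web app when it redirects to the IdP and remembered in the browser session, so a token captured from one login attempt cannot complete another.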
4) Differences between SAML and OIDC