A Walk Through SSO

Suresh Attanayake

Software Engineer

About WSO2

• Providing the only complete open source componentized cloud platform

– Dedicated to removing all the stumbling blocks to enterprise agility– Enabling you to focus on business logic and business value

• Recognized by leading analyst firms as visionaries and leaders– Gartner cites WSO2 as visionaries in all 3 categories of applica-

tion infrastructure– Forrester places WSO2 in top 2 for API Management

• Global corporation with offices in USA, UK & Sri Lanka– 200+ employees and growing

• Business model of selling comprehensive support & mainte-

nance for our products

What we cover today

● Problems with traditional authentication

● How SSO solves those problems

● Need for Open Standards

● Introduction to some open standards and how they solve the common authentication problems

Next Webinar - SSO with the WSO2 Identity Server

● Some SSO technologies in detail

– OpenID

– SAML

– Kerberos

– WS-Trust

– WS-Federation

● Demos with the WSO2 Identity Server

● Solving identity problems

Story begins

World Wide Web

● News

● Multimedia

● Information (wiki, blogs)

● Forums

● Email

● Social Networking

● E-commerce

● Online Banking

Authentication is required

● Protect resources

● Authorization

● Identification

Something you know

Multiple Web Applications

Multiple Web Applications

Netcraft Survey

Multiple User Stores

Problem #1 – Too many credentials

Problem #2 – There is already a Bob

Problem #3 – Using the same credential

Shared User Store

Problem #4 – Multiple Logins

Shared User Store is not always an option

Shared User Store is not always an option

● World Wide Web

Central Authentication Service (CAS)

Problem #1 – Too many credentials

Problem #2 – There is already a Bob

Solution - One Username & one Password

Problem #3 – Using the same credential

Solution - Login only at the CAS/IP

Problem #4 – Multiple Logins

Solution - Login once at the CAS/IP

Whats more ?

● User convenience

● Less IT Help Desk calls

● More secure

Open Standards

Why Open Standards ?

● More secure solutions

● You are not your own

● Be alerted an up-to-date

– http://oauth.net/advisories/2009-1/

● Freely available libraries and plugging

● Interoperability

● Extensibility

OpenID

OpenID Providers

OpenID Identifiers

● Google

– https://profiles.google.com/YourGoogleID

● Blogger

– http://blogname.blogspot.com/

● MySpace

– http://www.myspace.com/username

Relying Parties

Relying Parties

● Over 50,000 web sites

– http://wiki.openid.net/w/page/25453698/Gallery

● One billion user accounts

● Drupal, Wordpress and libraries

● Visit http://openid.net/

SAML(Security Assertions Markup Language)

SAML Web Browser SSO Profile

Kerberos

WS- Trust

WS- Federation

Identity Delegation

OpenID Connect

Questions?

150+ globally positioned support customers

Thank you