The term single sign-on solution, or SSO solution, has been gaining attention over the last few years. It is becoming a new trend and has a wide range of implementations. The solution relieves users of the burden of dealing with many sets of credentials.
With only one set of credentials, users can access multiple resources of the same business for a session. That means only a single password to remember. The SSO solution simply reduces password fatigue.
In this article, I am going to explain the different SSO protocols (the mechanisms behind how the solution works).
The SSO protocols generally involve three parties: a user (U), a relying party (RP) and an identity provider (IdP).
The identity provider plays an important role in centralizing the identification of users. When a user wants to access a service, the relying party uses the authentication service provided by the identity provider.
There are mainly two protocols used by the relying party to implement the SSO solution: the OpenID protocol and the Security Assertion Markup Language (SAML) protocol.
OpenID is a user-centric and open protocol for web SSO. According to a statement by the OpenID Foundation, more than a million OpenID-enabled users are served by major service providers such as Yahoo, Google etc.
How to set up the OpenID protocol?
- In the first step, a user (U) enters his OpenID identifier (i) via an authentication form offered by the relying party (RP).
- RP makes an HTTP request to i to fetch the document that contains the OpenID endpoint, and redirects U to the IdP.
- The user U needs to enter the credentials which he set up with the IdP.
- In the end, the IdP verifies the credentials entered by U and redirects him back to RP with a web authentication token.
The process of setting up the SAML protocol is quite different from the OpenID protocol setup.
How to set up the SAML protocol?
- The user asks the service provider (SP) for a resource. The SP sends U an HTTP redirect response to the IdP; the redirect carries an authentication request whose ID is generated randomly.
- If the user (U) is not currently logged in to his account in the same browser, the IdP will ask him to provide his credentials.
- If the credentials match, the IdP builds an authentication assertion and returns it to the SP through the user's browser.
- The SP then delivers the requested page to the user.
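The SAML steps above, as an added example that is not part of the original post: a toy SP and IdP exchange in which the SP's randomly generated request ID is checked against the assertion's InResponseTo before the page is delivered. JSON dicts stand in for SAML XML, an HMAC stands in for the IdP's XML signature, and all names and keys are constructed.

```python
import hashlib
import hmac
import json
import secrets
import time

IDP_SIGNING_KEY = b"constructed-idp-signing-key"  # stand-in for the IdP's real XML-DSig key

def sign(assertion):
    # HMAC over the canonical assertion, standing in for the IdP's XML signature
    payload = json.dumps(assertion, sort_keys=True).encode()
    return hmac.new(IDP_SIGNING_KEY, payload, hashlib.sha256).hexdigest()

class ServiceProvider:
    def __init__(self, entity_id):
        self.entity_id = entity_id
        self.pending = {}  # outstanding request ID -> resource the user asked for

    def start_login(self, resource):
        # Step 1: the authentication request the HTTP redirect carries to the IdP
        request_id = "_" + secrets.token_hex(16)  # random, unpredictable, used once
        self.pending[request_id] = resource
        return {"ID": request_id, "Issuer": self.entity_id}

    def consume(self, response):
        # Step 4: validate the assertion before delivering the resource
        assertion = response["assertion"]
        if not hmac.compare_digest(response["signature"], sign(assertion)):
            return None  # tampered, or not signed by our IdP
        if assertion["Audience"] != self.entity_id:
            return None  # issued for a different SP
        if assertion["NotOnOrAfter"] <= time.time():
            return None  # expired
        resource = self.pending.pop(assertion["InResponseTo"], None)
        if resource is None:
            return None  # unsolicited or replayed: no outstanding request with that ID
        return assertion["Subject"], resource

class IdentityProvider:
    def __init__(self, users):
        self.users = users  # username -> password; constructed test data only

    def authenticate(self, authn_request, username, password):
        # Steps 2-3: check credentials, then build the assertion bound to this request
        if self.users.get(username) != password:
            return None
        assertion = {"Subject": username, "InResponseTo": authn_request["ID"],
                     "Audience": authn_request["Issuer"], "NotOnOrAfter": time.time() + 300}
        return {"assertion": assertion, "signature": sign(assertion)}
```

A second `consume` of the same response returns None because the request ID was consumed, which is what makes the random ID useful against replay.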
These are the two different SSO protocols and the ways to set them up. If you want me to add more protocols, let me know in the comments.