A Walk Through SSO
Suresh Attanayake
Software Engineer
About WSO2
• Providing the only complete open source componentized cloud platform
– Dedicated to removing all the stumbling blocks to enterprise agility
– Enabling you to focus on business logic and business value
• Recognized by leading analyst firms as visionaries and leaders
– Gartner cites WSO2 as visionaries in all 3 categories of application infrastructure
– Forrester places WSO2 in top 2 for API Management
• Global corporation with offices in USA, UK & Sri Lanka
– 200+ employees and growing
• Business model of selling comprehensive support & maintenance for our products
What we cover today
● Problems with traditional authentication
● How SSO solves those problems
● Need for Open Standards
● Introduction to some open standards and how they solve the common authentication problems
Next Webinar - SSO with the WSO2 Identity Server
● Some SSO technologies in detail
– OpenID
– SAML
– Kerberos
– WS-Trust
– WS-Federation
● Demos with the WSO2 Identity Server
● Solving identity problems
Story begins
World Wide Web
● News
● Multimedia
● Information (wiki, blogs)
● Forums
● Social Networking
● E-commerce
● Online Banking
Authentication is required
● Protect resources
● Authorization
● Identification
Something you know
Multiple Web Applications
Netcraft Survey
Multiple User Stores
Problem #1 – Too many credentials
Problem #2 – There is already a Bob
Problem #3 – Using the same credential
Shared User Store
Problem #4 – Multiple Logins
Shared User Store is not always an option
● World Wide Web
Central Authentication Service (CAS)
Problem #1 – Too many credentials
Problem #2 – There is already a Bob
Solution - One Username & one Password
Problem #3 – Using the same credential
Solution - Login only at the CAS/IP
Problem #4 – Multiple Logins
Solution - Login once at the CAS/IP
What's more?
● User convenience
● Less IT Help Desk calls
● More secure
Open Standards
Why Open Standards?
● More secure solutions
● You are not on your own
● Be alerted and up-to-date
– http://oauth.net/advisories/2009-1/
● Freely available libraries and plugins
● Interoperability
● Extensibility
OpenID
OpenID Providers
OpenID Identifiers
● Google
– https://profiles.google.com/YourGoogleID
● Blogger
– http://blogname.blogspot.com/
● MySpace
– http://www.myspace.com/username
Relying Parties
● Over 50,000 web sites
– http://wiki.openid.net/w/page/25453698/Gallery
● One billion user accounts
● Drupal, WordPress and libraries
● Visit http://openid.net/
SAML (Security Assertion Markup Language)
SAML Web Browser SSO Profile
Kerberos
WS-Trust
WS-Federation
Identity Delegation
OpenID Connect
Questions?
150+ globally positioned support customers
Thank you