Working of Different Protocols of Single Sign-On

Image source: http://epok.net/wp-content/uploads/2017/07/using-central-auth-domain.png

For IT folks, the convenience of Single Sign-On protocols is becoming very popular. And why not, the solution makes life so easier for business users and IT pros. It provides them secure access to multiple online resources and day-to-day applications while maintaining and managing passwords in the easiest way. The method is growing day by day and becoming an integrated part of IT managers toolkit. One of the main reason of this is the security.

There are mainly four types( OAuth, OpenID, SAML, and WS-Fed) of Single sign-on or SSO protocols. Single sign-on is a great solution, it allows users to login to multiple websites that falls under the same roof using one set of credentials. The article will explain different types of SSO protocols with some related examples and when to use them. It is must for a business to choose the right protocol.

OAuth

OAuth is an open standard for authorization. It provides users a secure access to resources at the behest of the resource owner.

Working

The protocol allows an application to enable access to users services to other applications. When a user requests a service from a service provider then it redirects the user to a trusted provider for further authentication.

When to use

To offer temporary access to third-party resources on the behalf of authentic user.

Example

A photo sharing app (acts as an OAuth consumer) that permits users to import photos from their Instagram profile (OAuth provider). The OAuth provider sends a temporary token to the photo sharing app that expires after some time.  

OpenID

OpenID is a type of decentralized authentication protocol. The protocol allows users to authenticate using co-operating sites.

Working

Users can login to applications that support OpenID authentication only by selecting OpenID providers. Anyone can easily set up OpenID providers.

When to use

To provide authentication to your applications and web services to users without requesting them to create new accounts.

Example

Lets take the example of photo sharing app again. The app allows users to post photos by only logging in to their social media account (Facebook OpenID) or Google OpenID provider.

SAML (Security Assertion Markup Language)

SAML protocol specifies a protocol for resource users to authorize access to third-party to service resources without the need of sharing their credentials.

Working

When a user requests a service from a service provider, the service provider redirects him to a trusted identity provider for authentication.

When to use

When users have to access single sign-on web services.

Example

When a user is authenticating with a flight booking website (service provider) then a request is sent to AirFlyer (identity provider) which is SAML configured. All the details are provided to the service provider by the identity provider and a user can book his flight ticket without further authentication.

WS-Fed

Ws-Fed is a type of SSO protocol that allows users to access services from different platforms based on mutual trust. The federation is based between relying parties and identity providers.

Working

The working of WS-Fed protocol is very close to SAML protocol. A SAML token is issued by the identity provider to provide authentication with service providers.

When to use

It can be used for all the cases that are for SAML protocol. Most commonly it is used where there are numbers of different service providers.

Example

When the user has to debit money from an ATM machine. He can debit money from any ATM regardless of bank. An authentication request is sent to the identity provider by the service provider. After verification, access is granted.

All the protocols that are mentioned in the article are very secure and safe. Businesses have to choose the one that perfectly matches their demands.