Single Sign On - SSO Flashcards
(2 cards)
SSO (Single Sign-On)
SSO can be thought of as a master key to open all different locks. It allows a user to log in to different systems using a single set of credentials.
SSO Steps
๐ญ) ๐จ๐๐ฒ๐ฟ ๐ฟ๐ฒ๐พ๐๐ฒ๐๐๐ ๐ฎ๐ฐ๐ฐ๐ฒ๐๐
First, the user would attempt to access the Service Provider (LinkedIn). At this point, a user would be presented with login options, and in this example, they would select โSign in with Googleโ.
๐ฎ) ๐๐๐๐ต๐ฒ๐ป๐๐ถ๐ฐ๐ฎ๐๐ถ๐ผ๐ป ๐ฟ๐ฒ๐พ๐๐ฒ๐๐
From here, the Service Provider (LinkedIn) will redirect the user to the Identity Provider (Google) with an authentication request.
๐ฏ) ๐๐ฑ๐ฃ ๐ฐ๐ต๐ฒ๐ฐ๐ธ๐ ๐ณ๐ผ๐ฟ ๐ฎ๐ฐ๐๐ถ๐๐ฒ ๐๐ฒ๐๐๐ถ๐ผ๐ป
Once the Identity Provider (Google) has received the request, it will check for an active session. If it doesnโt find one, authentication will be requested.
๐ฐ) ๐จ๐๐ฒ๐ฟ ๐๐๐ฏ๐บ๐ถ๐๐ ๐ฐ๐ฟ๐ฒ๐ฑ๐ฒ๐ป๐๐ถ๐ฎ๐น๐
At this stage, the user will submit their login credentials (username and password) to the Identity Provider (IdP).
๐ฑ) ๐๐ฑ๐ฃ ๐๐ฒ๐ฟ๐ถ๐ณ๐ถ๐ฒ๐ ๐ฐ๐ฟ๐ฒ๐ฑ๐ฒ๐ป๐๐ถ๐ฎ๐น๐
The Identity Provider will then verify the submitted credentials against its User Directory (database). If the credentials are correct, the IdP will create an authentication token or assertion.
๐ฒ) ๐๐ฑ๐ฃ ๐๐ฒ๐ป๐ฑ๐ ๐๐ผ๐ธ๐ฒ๐ป ๐๐ผ ๐ฆ๐ฒ๐ฟ๐๐ถ๐ฐ๐ฒ ๐ฃ๐ฟ๐ผ๐๐ถ๐ฑ๐ฒ๐ฟ
Once the token or assertion has been created, the IdP sends it back to the Service Provider confirming the userโs identity. The user is now authenticated and can access the Service Provier (LinkedIn).
๐ณ) ๐๐ฐ๐ฐ๐ฒ๐๐ ๐ด๐ฟ๐ฎ๐ป๐๐ฒ๐ฑ ๐๐๐ถ๐ป๐ด ๐ฒ๐ ๐ถ๐๐๐ถ๐ป๐ด ๐๐ฒ๐๐๐ถ๐ผ๐ป
Since the Identity Provider has established a session, when the user goes to access a different Service Provider (eg; GitHub), they wonโt need to re-enter their credentials. Future service providers will request authentication from the Identity Provider, recognize the existing session, and grant access to the user based on the previously authenticated session.
