Page 141 - Cyber Defense eMagazine June 2024

What is SSO and How Does it Work?

SSO makes life easier by letting users hop from one app to another with just one click, no need to type in their login details every time. It's like having a magic key that unlocks multiple doors! Basically, there are two main players in this game: the Identity Provider (IDP) and the Service Provider (SP). The IDP is where you're already logged in (your starting point), while the SP is where you want to go (your destination). And when it comes to SSO, there are two popular ways it can happen: IDP-initiated SSO and SP-initiated SSO.

Figure 1: Different Types of SSO Mechanisms

In both cases, the IDP issues a Security Assertion Markup Language (SAML) token containing a user identifier, which the SP verifies for authenticity. Using this identifier, the SP finds the user in its database and grants the user access.



Key Components of SSO

User Provisioning

For a seamless SSO transaction to occur, the user's identity must exist in both systems. This can be done either through a proactive database sync between the two software systems ahead of time, or new users can be provisioned on demand when an SSO request is received by the Service Provider (also called Just-In-Time provisioning).



SAML (Security Assertion Markup Language) Token Verification

The SAML token includes a signature, a user ID, and the timestamp at which the token was generated. The signature is produced with a private/public key pair: the IDP holds the private key and the SP holds the matching public key (shared as a certificate), so the IDP and SP administrators must exchange it beforehand. Upon receiving a SAMLResponse, the SP verifies the signature with the IDP's public key to authenticate the token. The timestamps are also examined to prevent replay attacks by malicious actors who may have acquired the token through a man-in-the-middle attack.
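The SP-side checks described above, as an added example that is not part of the original article: the IDP signs a constructed, simplified assertion with its private key, and the SP verifies the signature with the IDP's public key before checking the timestamp window, so a token that is altered, signed by someone else, or replayed after it expires is rejected before the user ID is used for lookup or Just-In-Time provisioning. The flat `NameID|IssueInstant|NotOnOrAfter` encoding stands in for the canonicalised XML that real SAML signs with XML-DSig; `Assertion`, `NewIDPKey`, `Sign` and `Verify` are names chosen for this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"time"
)

// Assertion is a constructed, simplified stand-in for the signed part of a SAMLResponse.
type Assertion struct {
	NameID       string    // user identifier the SP looks up (or JIT-provisions)
	IssueInstant time.Time // when the IDP generated the token
	NotOnOrAfter time.Time // end of the validity window; later use is treated as replay
}
// digest hashes exactly what the signature covers. Real SAML signs canonicalised
// XML via XML-DSig; this flat encoding is a stand-in so the example runs offline.
func digest(a Assertion) []byte {
	h := sha256.Sum256([]byte(a.NameID + "|" + a.IssueInstant.UTC().Format(time.RFC3339) + "|" + a.NotOnOrAfter.UTC().Format(time.RFC3339)))
	return h[:]
}
// NewIDPKey generates the IDP key pair; only the public half is handed to the SP.
func NewIDPKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }
// Sign is the IDP side: only the private-key holder can produce a valid signature.
func Sign(priv *rsa.PrivateKey, a Assertion) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest(a))
}
// Verify is the SP side: signature first (IDP public key exchanged out of band), then timestamps.
func Verify(pub *rsa.PublicKey, a Assertion, sig []byte, now time.Time, skew time.Duration) error {
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest(a), sig) != nil {
		return fmt.Errorf("signature invalid: token altered or not issued by this IDP")
	}
	if now.Add(skew).Before(a.IssueInstant) {
		return fmt.Errorf("token issued in the future: clock skew or forgery")
	}
	if !now.Add(-skew).Before(a.NotOnOrAfter) {
		return fmt.Errorf("token past NotOnOrAfter: possible replay")
	}
	return nil
}
func main() {
	priv, _ := NewIDPKey()
	now := time.Now()
	a := Assertion{NameID: "alice@example.com", IssueInstant: now, NotOnOrAfter: now.Add(5 * time.Minute)}
	sig, _ := Sign(priv, a)
	fmt.Println("fresh token:", Verify(&priv.PublicKey, a, sig, now, time.Minute))
	fmt.Println("replayed 1h later:", Verify(&priv.PublicKey, a, sig, now.Add(time.Hour), time.Minute))
}
```

Only the NameID of a token that passes `Verify` should reach the database lookup or JIT-provisioning step; the `skew` argument is the tolerance an SP allows for clock drift between itself and the IDP.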





Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.