Single Sign-On (SSO) is a key feature of the WSO2 Identity Server that enables users to provide their credentials once and obtain access to multiple applications.
What is SSO?
SSO is a property of access control for independent software systems, which are multiple related. With this property, a user can access to connected system or systems using one user name and password without using a different user name or password.
SSO enables users to provide their credentials once and obtain access to multiple applications. The users are not prompted for their credentials when accessing each application until their session is terminated. Additionally, the user can access all these applications without having to log into them individually.
For example, if users log into application A, they would automatically have access to application B as well for the duration of that session without having to re-enter their credentials.
Service Providers and Identity Providers
In an SSO system there are two roles:
- Service Providers
- Identity Providers (IP)
The important characteristic of an SSO system is the pre-defined trust relationship between the service providers and the identity providers. Service providers trust the assertions issued by the identity providers and the identity providers issue assertions based on the results of authentication and authorization of principles which access services on the service provider's side. WSO2 Identity Server can act as the identity provider of an SSO system with minimal configurations.
Advantages of SSO
- Users need only a single username/password pair to access multiple services. They do not have to remember multiple username/password pairs.
- Users are authenticated only once at the identity provider and then they are automatically logged into all services within that "trust-domain". This process is more convenient to users as they do not have to provide their username/password at every service provider.
- Service providers do not have the overhead of managing user identities, which is more convenient for them.
- User identities are managed at a central point. This is more secure, less complex and easily manageable.
SSO is widely used in web technologies. Google is one of the best examples.
Try this simple exercise,
- Visit www.google.com from your web browser.
- Click on the SIGN IN button on the top right of the page.
- Once you sign in, you are redirected to https://accounts.google.com/ServiceLogin. There you are requested to enter your Username and Password. Enter your Google credentials there.
- Once you enter your Username and Password, you are directed back to www.google.com where you started.
- Next visit www.gmail.com, the Google mail server.
- Notice that you are automatically signed in and you directly access your Gmail Inbox. You did not have to enter your Username and Password at Gmail.
Now try www.youtube.com.
You are automatically signed in. You do not have to enter your username and password at YouTube.
Notice the URL of the web browser. Each time you access an application, you see that you are being redirected to https://accounts.google.com/ServiceLogin and return immediately back to the website.
- For a sample on configuring SSO with WSO2 Identity Server, see Configuring Single Sign-On.
- To learn how to configure SSO in WSO2 Identity Server with different inbound authenticators, see Configuring a Service Provider.
- Explore the following topics to learn how to configure SSO with the corresponding protocols.