Single Sign-On (SSO) Mechanism: An Introduction

What is Single Sign-On (SSO)?

Definition of Single Sign-On


In today's digital world, users have access to multiple systems in order to conduct their daily activities [1]. A Single Sign-On (SSO) mechanism helps solve the problems that arise from maintaining separate credentials for different applications.

SSO can be defined as a mechanism that allows users to authenticate to mobile or web applications with a single username and password. It permits access to multiple applications that use the same authentication provider. The mechanism is used for both authentication and authorization [2]. Authorization is the process of granting access to a particular resource; authentication is the process of verifying the identity of the user concerned. This touches on the concepts of integrity, confidentiality, availability and non-repudiation. SSO improves user and developer productivity because users no longer need to remember multiple passwords. It also simplifies the management of user rights, changes of role, and quick integration of applications.

The primary advantage of SSO is that the user does not have to remember separate credentials for each application. The disadvantage is that if a third party gains access to any website integrated through the SSO protocols, the entire set of connected systems becomes insecure.

In this mechanism, the user registers with the IDP and receives OpenID credentials. Suppose the user now wants to access Application A; this application redirects the user to the IDP. If the user then wants to access Web Application B, a request is sent to Web Application B [3]. On receiving the request, Web Application B sends the user to the identity provider, which checks whether the user's session is active. If it is, Web Application B grants the user access automatically. The other web applications follow the same process. Web Application A does not know what happens in Web Application B, and vice versa.


There are two types of Single Sign-On system: simple SSO and complex SSO.

Advantages and Disadvantages of SSO

Simple SSO – This covers a single authentication authority. It can be implemented within a homogeneous LAN or intranet in which the machines run the same OS and trust the same authentication authority.

Complex SSO – This kind of mechanism covers multiple authentication authorities [4]. It is implemented across different platforms and is therefore governed by different organisations. It can be deployed on an extranet or on the Internet.

Several protocols are used in SSO mechanisms, such as OpenID, BrowserID, Kerberos and SAML.

OpenID can be defined as a decentralized authentication scheme for SSO. Users choose a trusted OpenID server with which to register. Three kinds of party are involved in the OpenID mechanism [5]: the Service Provider (SP), the OpenID Provider (OP) and the user.

SAML is defined as an XML message format that specifies a protocol by which two servers share authentication information [6]. The protocol uses web infrastructure: the XML data travels over HTTP on TCP/IP networks. In SAML, the SP and IDP exchange messages via the user's browser. The IDP validates the user's username and password [7]. If the credentials are correct, it sends back a SAML authentication response.
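The redirect-and-check flow described for Applications A and B, together with the signed authentication response described for SAML, as an added example that is not part of the original paper: a Python model of one identity provider and two relying applications. The HMAC tag over the assertion body stands in for a SAML XML signature (a real IdP signs with an asymmetric key, so relying parties cannot mint assertions of their own); the class names, claim names (`sub`, `aud`, `exp`) and sample user are assumptions of the example.

```python
import hashlib, hmac, json, secrets, time

class IdentityProvider:
    """Holds user credentials and browser sessions; issues signed assertions."""
    def __init__(self):
        self.users = {}                      # username -> (salt, pbkdf2 hash)
        self.sessions = {}                   # session id -> username (active logins)
        self.key = secrets.token_bytes(32)   # assertion signing key (HMAC stand-in for XML-DSig)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, self._hash(password, salt))

    def login(self, username, password):
        """Verify the single username/password; return a session id or None."""
        rec = self.users.get(username)
        if rec is None or not hmac.compare_digest(rec[1], self._hash(password, rec[0])):
            return None
        sid = secrets.token_hex(16)
        self.sessions[sid] = username
        return sid

    def assertion_for(self, sid, app_id, ttl=300):
        """Redirect target for an application: only an active session gets an assertion."""
        username = self.sessions.get(sid)
        if username is None:
            return None                      # user is not active at the IdP
        body = json.dumps({"sub": username, "aud": app_id, "exp": time.time() + ttl}, sort_keys=True)
        return body, hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()

class Application:  # relying application: knows only its own id and the IdP key
    def __init__(self, app_id, idp_key):
        self.app_id, self.idp_key = app_id, idp_key

    def accept(self, assertion):
        """Grant access only for a validly signed, unexpired assertion addressed to this app."""
        body, sig = assertion
        expected = hmac.new(self.idp_key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return None                      # forged or tampered assertion
        claims = json.loads(body)
        if claims["aud"] != self.app_id or claims["exp"] < time.time():
            return None                      # replayed at the wrong application, or stale
        return claims["sub"]
```

Application A never sees Application B's assertion, and an assertion issued for A is rejected by B on the audience check, which is what keeps the two applications unaware of each other.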

BrowserID offers a one-time log-in to different websites and services based on a connection to an e-mail address. The core idea is that the user only has to remember a single e-mail address rather than several [8]. The main advantages of BrowserID are ease of use, cross-browser implementation, decentralization, security and an improved experience in future browsers. It also respects the privacy of the user. BrowserID relies on e-mail addresses, which lets a site adopt BrowserID without requiring any additional information. BrowserID is an experimental Mozilla Labs project, a new service that is not yet fully defined [9]. It is developed primarily for the Mozilla browser.

Types of Single Sign-On Systems

Kerberos is an authentication system that was primarily designed by Clifford Neuman and Steve Miller for Project Athena at MIT [10]. Kerberos employs a trusted third party, or middle-man server, for authentication. The system is based entirely on the Needham-Schroeder protocol [11]. Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network.

The security issues involved in SAML and OpenID include man-in-the-middle attacks, phishing and session-related attacks. Two common forms of phishing attack are the phishing OP page and realm spoofing.

The other forms of phishing attack within Kerberos are as follows. In a Kerberos-supported infrastructure, users' login credentials are stored on a central server, so every login credential is migrated from the local machines to that central server. If an attacker gains access to the central server, the entire infrastructure is put under serious threat.


Based on the discussion in this paper, it can be concluded that Single Sign-On is an easy and secure process: it reduces a user to one account for different kinds of services, centralizes the management of roles, and reduces the number of passwords while defining the resources used for access control. The mechanism benefits end-users, the help-desk and administrators. SSO gains importance with the emerging need for cloud computing to provide different forms of ICT-based services. It also reduces the chances of phishing attacks. Because SSO grants access with a single login, it must be implemented in a highly secure manner. The SSO mechanism has its own strengths and limitations, so each user should carefully evaluate its use within their system. The resources available for deployment and management should be considered before choosing an SSO solution; an SSO solution that is not implemented properly can create a serious vulnerability in an organisation's security. OpenID in Single Sign-On is used only for authentication, and is also used to connect both authorization and authentication. Additionally, as the number of credentials increases, the likelihood of losing them increases too. Although there are many kinds of attack on the system, such as man-in-the-middle attacks, session attacks and phishing attacks, improved security within the mechanism can mitigate the impact of such attacks.


  • Wang, Guilin, Jiangshan Yu, and Qi Xie. “Security analysis of a single sign-on mechanism for distributed computer networks.” IEEE Transactions on Industrial Informatics 9, no. 1 (2013): 294-302.
  • Armando, Alessandro, Roberto Carbone, Luca Compagna, Jorge Cuéllar, Giancarlo Pellegrino, and Alessandro Sorniotti. “An authentication flaw in browser-based single sign-on protocols: Impact and remediations.” Computers & Security 33 (2013): 41-58.
  • Wang, Guilin, Jiangshan Yu, and Qi Xie. “Security analysis of a single sign-on mechanism for distributed computer networks.” IEEE Transactions on Industrial Informatics 9, no. 1 (2013): 294-302.
  • Urueña, Manuel, Alfonso Muñoz, and David Larrabeiti. “Analysis of privacy vulnerabilities in single sign-on mechanisms for multimedia websites.” Multimedia Tools and Applications 68, no. 1 (2014): 159-176.
  • Tormo, Ginés Dólera, Félix Gómez Mármol, and Gregorio Martínez Pérez. “Towards the integration of reputation management in OpenID.” Computer Standards & Interfaces 36, no. 3 (2014): 438-453.
  • Indu, I., PM Rubesh Anand, and Vidhyacharan Bhaskar. “Encrypted Token based Authentication with Adapted Security Assertions Mark-up Language Technology for Cloud Web Services.” Journal of Network and Computer Applications (2017).
  • Leitão, Paulo, José Barbosa, Maria-Eleftheria Ch Papadopoulou, and Iakovos S. Venieris. “Standardization in cyber-physical systems: The ARUM case.” In Industrial Technology (ICIT), 2015 IEEE International Conference on, pp. 2988-2993. IEEE, 2015.
  • Fett, Daniel, Ralf Küsters, and Guido Schmitz. “An expressive model for the Web infrastructure: Definition and application to the BrowserID SSO system.” In Security and Privacy (SP), 2014 IEEE Symposium on, pp. 673-688. IEEE, 2014.
  • Xu, Ya, Nanyu Chen, Addrian Fernandez, Omar Sinno, and Anmol Bhasin. “From infrastructure to culture: A/B testing challenges in large scale social networks.” In Proceedings of the 21st ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 2227-2236. ACM, 2015.
  • Hidar, Ahmad M. Saeed. “Authentication and Authorization in Cloud Computing Using Kerberos.” PhD diss., Universiti Teknologi Malaysia, 2014.
  • Dowdeswell, Roland, and Nicolas Williams. “Negotiation of Extra Security Context Tokens for Kerberos V5 Generic Security Services Mechanism.” (2014).
  • Armando, Alessandro, Roberto Carbone, Luca Compagna, Jorge Cuéllar, Giancarlo Pellegrino, and Alessandro Sorniotti. “An authentication flaw in browser-based single sign-on protocols: Impact and remediations.” Computers & Security 33 (2013): 41-58.
