The Long Journey Of Single Sign On Solution
What else do you need if you can access multiple websites at the same time by logging in to only a single website? Maybe you are wondering how that can happen, or thinking it is impossible. I know thousands of doubts are running through your mind.
But my friend, you heard right: a web single sign-on (WSSO) solution makes it possible. I will explain the basic concept and the workings of WSSO later in this article.
Let’s start with the factors that create the need for such a solution.
Security matters whenever we work with private information and other data. We all try our best to keep both our offline and online data secure. Since the offline world is shifting gears towards online, attacks on private data are at their peak.
Each day a new technology emerges that helps us keep ourselves secure. But on the very next day, hackers find a way to break it. This is the main reason why IT researchers are so concerned about security.
But too much security has its own adverse effects, as it conflicts with comfort and ease of use when working with online resources.
Passwords
They are the first wall of protection. I still remember the password of my first online resource, which was my dial-up connection, late in the nineties. I used to keep some cool passwords inspired by movies like Spiderman and Godzilla, and I also had the password 123456. Don’t tell anyone, I still use the last one many times since it is easy to remember :)
In those days, I only had one online resource to access, but today the scenario is totally different. Today, I have passwords for Facebook, Twitter, my mailbox and my Active Directory account, and recently I added Instagram to the long list.
Okay, somehow I managed the passwords of the resources mentioned above. But when I joined a company as a marketing manager, I was bombarded with dozens of accounts. Let’s see what I did to manage my passwords.
Password Managers
Earlier, I used to note down my passwords in a separate notebook, which was stolen one day, and suddenly I lost all my credentials. After that incident, I did some research and came to know about password managers. I found password managers pretty cool because I no longer needed to note down my passwords in a notebook or on sticky notes.
This was pretty cool, but in order to get at all my passwords I had to enter yet another password, the one for the password manager tool (I had to remember this: JBieber!Sucks).
I had to find a solution that fulfills some conditions. I should be able to:
Reduce the number of passwords to remember.
Log in to multiple websites without needing to look at my notes.
Improve my authentication experience.
The above-mentioned conditions can be met if I go with a solution that offers a single secure service that is trusted by all the online services that I need to work with.
The idea is very simple: I log in to one account with my favorite password (MySandwich!!) and I am automatically logged in to the other resources that I need to access.
And this is exactly how web single sign-on works.
One key = multiple locks: this is the principle of a single sign-on solution.
It has become the essence of authentication today. Let’s understand how it works with an example.
You want to join a party at a club without an invitation, but you have a friend who is a well-known person in the club. He can tell the guy at the entrance that the two of you are together. In this case, we have the following elements.
You, the visitor: the user.
The club: an interesting online service that you want to access.
Your friend: a well-known, trusted guy who provides the SSO solution (e.g. Google).
The guy at the entrance: the authentication page at the server.
You want to get inside the club, but the guy at the entrance asks for your invitation (which you don’t have). You call your friend and ask him to confirm your identity to the guard. Once your friend has confirmed your identity, the guard lets you in.
Congratulations, bro! No invitation, and you are still going to enjoy the party! Anyway, party hard, but don’t forget to give big thanks to your friend who made this possible.
Web SSO works much like this situation. You need to access a service for which you have no credentials, but you do have credentials for services that fall under the same category and are protected with SSO.
You will be allowed to log in without entering any credentials. Cool, right? So, we find that the solution makes authentication on several resources more convenient.
With the solution, you don’t need to remember dozens of passwords, and to some extent it reduces the risk of password loss. Now you need to keep only one password in mind, so you can make it more complex, something like this: kjA@56Ha. I am sure this type of password is hard, very hard, to guess.
The solution is also based on SAML (Security Assertion Markup Language), which is very secure and almost impossible to hack.
Thus the single login solution makes life easier, and does so in a very secure way.
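To make the club story concrete, here is an added example (not part of the original article, and not real SAML code) of the friend vouching for you and the guard checking that voucher before opening the door. It assumes an HMAC with a shared demo key in place of SAML's signed XML, and the names idp_issue, sp_verify and club.example are hypothetical.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key shared by the identity provider ("friend") and the
# service ("guard"). Assumption: real SAML signs XML with the provider's
# private key; HMAC is a stand-in so this runs on the standard library alone.
IDP_KEY = b"constructed-demo-key-not-a-real-secret"


def idp_issue(user, audience, now, ttl=300, key=IDP_KEY):
    """Identity provider: vouch for `user` to one specific service."""
    claims = {"sub": user, "aud": audience, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + sig


def sp_verify(token, my_name, now, key=IDP_KEY):
    """Service: return the user name if the assertion is acceptable, else None."""
    try:
        body, sig = token.split(".")
        expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
        # 1. Did the trusted provider really issue this? (constant-time compare)
        if not hmac.compare_digest(sig, expected):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return None  # malformed token: refuse rather than guess
    # 2. Was it issued for this service, not for some other one?
    if claims.get("aud") != my_name:
        return None
    # 3. Is it still fresh?
    if now >= claims.get("exp", 0):
        return None
    return claims.get("sub")


if __name__ == "__main__":
    t0 = int(time.time())
    token = idp_issue("alice", "club.example", t0)
    print(sp_verify(token, "club.example", t0 + 10))    # accepted
    print(sp_verify(token, "other.example", t0 + 10))   # wrong audience
    print(sp_verify(token, "club.example", t0 + 3600))  # expired
```

The convenience of single sign-on rests on the service performing all three checks; skipping any one of them means the guard lets people in on a voucher nobody trustworthy gave them.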