Validating identity connection

In the following sections, we will provide a background into the protocols, roles and terminology involved in open standard federation protocols and how you as a developer can leverage these protocols to secure and enable identity in your application.

Prior to diving into SSO, let's revisit the general process a user follows to log in to a traditional application. The authentication step is used to determine the identity of the user accessing the application or service. By requiring the user to complete a step (for example, entering a username and password) that only that person will be able to complete successfully, the application can be reasonably confident that the user accessing the system is who they say they are.

In the application world, the most common form of authentication request is the login screen asking for a username and password.


Various mechanisms can be used to reduce or eliminate the burden of logging in to each application, such as:

A new challenge arrives when the requirement for cross-domain authentication is introduced, where the user authenticating is no longer in the same domain as the application.

A few examples of where this occurs are:

SSO protocols such as Kerberos rely on the user being located inside a trusted environment and being able to contact authoritative authentication servers (i.e.

A SAML assertion and an OpenID Connect ID token are examples of federated security tokens.

The Identity Store is where the user authentication data is stored.

For web applications, federated single sign-on uses the web browser to allow the user to interact with both the application and the authentication provider to negotiate authentication.

As this "browser SSO" process uses the web browser, all communication is between the end user and a federation partner (i.e. between the user and the authentication provider, or between the user and the application provider). There is no direct communication between the authentication provider and the application provider, so no firewall rules or VPN are needed and the risk to an enterprise is reduced.

Open standard protocols define how the two parties (application provider and authentication provider) build a trust and communicate to authenticate the identity.

Standards are critical as they allow interoperability between different organizations and vendors, enabling connections to be made to many partners and applications easily and securely.

After these steps are complete, the application knows who the user is, has allowed them access and has provided them a session so they may use the application without being prompted for authentication at every request.
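As an added example (not part of the original article), the following shows the checks an application provider should perform on a federated security token such as an OpenID Connect ID token before trusting the identity it carries. To run offline it uses an HS256-signed JWT with a constructed shared secret; real identity providers generally sign with asymmetric keys published at a JWKS endpoint, but the issuer, audience, expiry and nonce checks are the same. The issuer, client ID and secret below are constructed placeholders.

```python
import base64, hashlib, hmac, json, time

# Constructed placeholders standing in for a real federation partner and application.
ISSUER = "https://idp.example.test"
CLIENT_ID = "my-app"
SHARED_SECRET = b"constructed-demo-secret-not-for-production"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint_id_token(claims: dict) -> str:
    """Simulates the authentication provider issuing an HS256-signed ID token."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(SHARED_SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"

def validate_id_token(token: str, expected_nonce: str, now=None) -> dict:
    """Application-provider checks that must pass before the token's identity is trusted."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(body_b64))
    except ValueError as exc:  # covers a bad split, bad base64 and bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm the trust was configured with; the token never gets to choose it.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(SHARED_SECRET, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    # Trust is scoped to one issuer and only to tokens minted for this application.
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("expired")
    if claims.get("nbf", 0) > now:
        raise ValueError("not yet valid")
    # The nonce ties the token to the browser session that started this login (replay defence).
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    return claims
```

Only after `validate_id_token` returns should the application create its own session for the `sub` it contains; a token that fails any check is treated as an anonymous request.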
