Single Sign-On (SSO) is an authentication arrangement built around the idea of 'all
authentication in one system': even when there are several systems, a user who
authenticates successfully once is granted access to the other systems as well. The
basic principle is as follows. When the client first requests a connection to a server,
that server tells the client to come back after obtaining authentication from the SSO
server. Once the client has authenticated to the SSO server and received its
credential, servers 1, 2 and 3 connected to the SSO server can all be accessed
without a separate authentication step at each one. A representative example of this
server-based type is Windows Active Directory, which uses Kerberos: the domain
controller issues tickets that member servers accept instead of checking the
password again themselves.
Besides SSO built on a dedicated SSO server, there are also cases where SSO is
offered as a service. Microsoft Passport (since renamed Microsoft account) was a
good example. Passport had tens of millions of Hotmail and MSN Messenger users,
enough to call it the largest authentication service on the web at the time. Users
registered through a central Passport server operated by Microsoft and
authenticated through it; an affiliated site then accepted the Passport server's
verification, so it had no need to build an authentication system of its own. Passport
also offered a template feature that filled in the user's stored profile information
automatically, sparing users from re-entering the same details at each affiliated site.
The biggest weakness of SSO is that once the initial authentication has been passed,
every connected server or site becomes accessible. The SSO server is therefore a
single point of failure: if it is unavailable, nobody can log in anywhere, and if a user's
credential or the SSO server itself is compromised, the attacker inherits access to all
of the connected systems at once. To compensate for this serious weakness,
re-authentication is required when accessing or operating on important information.
This continuous authentication issue was already mentioned in Chapter 2 in
connection with sessions, but let us review it briefly. Continuous authentication
means asking the user to authenticate again even after the initial authentication has
been passed, for example asking for the current password again before allowing a
password change on a website, or asking for the password again before changing a
Windows Task Scheduler job. On a very important system, re-authentication may
also be demanded after a fixed period of time, regardless of what the user is doing.
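As an added example, not code from the book, the following Python sketch shows the two mechanisms described above together: the SSO flow (one login at the SSO server, then sessions on servers 1, 2 and 3 without a second password check) and continuous authentication (a sensitive action such as a password change is refused when the login behind the ticket is too old). All names (SSOServer, RelyingServer, verify_ticket), the key, the user and the time values are constructed for the demo. An HMAC-signed ticket stands in for a Kerberos ticket, and an auth_time claim stands in for the "when did the user last actually authenticate" information that a re-authentication check needs.

```python
import base64
import hashlib
import hmac
import json
import os
import time

# Constructed demo values (assumptions, not from the book). In practice the key is
# provisioned out of band and held only by the SSO server and the relying servers.
SSO_KEY = b"constructed-demo-key-do-not-reuse"
TICKET_LIFETIME = 8 * 3600   # seconds a ticket stays valid (a Kerberos-style lifetime)
REAUTH_WINDOW = 300          # sensitive actions need an auth_time at most this old

def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class SSOServer:
    """Central authentication server: checks the password once, issues a signed ticket."""

    def __init__(self, key: bytes):
        self._key = key
        self._users = {}  # username -> (salt, PBKDF2 digest); never the plaintext

    def enroll(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000))

    def _check_password(self, username, password):
        if username not in self._users:
            return False
        salt, digest = self._users[username]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        return hmac.compare_digest(candidate, digest)

    def authenticate(self, username, password, now=None):
        """Return a ticket string on success, None on failure."""
        now = int(time.time()) if now is None else now
        if not self._check_password(username, password):
            return None
        claims = {"sub": username, "auth_time": now, "exp": now + TICKET_LIFETIME}
        body = _b64e(json.dumps(claims, sort_keys=True).encode())
        tag = _b64e(hmac.new(self._key, body.encode(), hashlib.sha256).digest())
        return f"{body}.{tag}"

def verify_ticket(ticket, key, now=None):
    """Relying-server side: accept the ticket instead of re-running the login.
    Returns the claims dict, or None if the ticket is malformed, forged or expired."""
    now = int(time.time()) if now is None else now
    if not isinstance(ticket, str):
        return None
    try:
        body, tag = ticket.split(".")
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64d(tag)):  # check the MAC before parsing
            return None
        claims = json.loads(_b64d(body))
    except ValueError:  # wrong field count, bad base64 or bad JSON
        return None
    return None if now >= claims["exp"] else claims

class RelyingServer:
    """One of the servers (1, 2, 3) sitting behind the SSO server."""

    def __init__(self, name, key):
        self.name, self._key = name, key

    def open_session(self, ticket, now=None):
        claims = verify_ticket(ticket, self._key, now)
        return f"{self.name}: session for {claims['sub']}" if claims else f"{self.name}: denied"

    def change_password(self, ticket, now=None):
        """Continuous authentication: a valid ticket alone is not enough for a sensitive action."""
        now = int(time.time()) if now is None else now
        claims = verify_ticket(ticket, self._key, now)
        if claims is None:
            return "denied"
        if now - claims["auth_time"] > REAUTH_WINDOW:
            return "reauth-required"  # send the user back to the SSO server first
        return "allowed"

if __name__ == "__main__":
    sso = SSOServer(SSO_KEY)
    sso.enroll("alice", "correct horse battery")
    t0 = 1_700_000_000
    ticket = sso.authenticate("alice", "correct horse battery", now=t0)
    for i in (1, 2, 3):  # one login at the SSO server, a session on every server
        print(RelyingServer(f"server{i}", SSO_KEY).open_session(ticket, now=t0 + 10))
    srv = RelyingServer("server1", SSO_KEY)
    print(srv.change_password(ticket, now=t0 + 10))         # allowed
    print(srv.change_password(ticket, now=t0 + 3600))       # reauth-required
    print(srv.open_session("A" + ticket[1:], now=t0 + 10))  # server1: denied (body tampered)
```

The point to notice is that the relying servers never see a password: they trust the SSO server's signature, which is exactly why a stolen or forged ticket would open every server at once. The re-authentication check in change_password limits that exposure for sensitive operations by looking at how long ago the user really proved their identity, not merely whether the ticket is still within its lifetime.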