9.2. SSO

9.2.1. Introduction

Single Sign On (SSO) means that a user can access multiple related but independent systems with a single identity and a single set of credentials (for example, one password), authenticating once instead of once per system.

9.2.1.1. Common Process

  1. The user (User) sends a request to the service provider (SP).

  2. The SP redirects the User to the identity provider (IdP) for authentication.

  3. The User logs in at the IdP.

  4. The IdP returns a credential (token or assertion) to the User.

  5. The User presents the credential to the SP.

  6. The SP validates the credential and returns the protected resource to the User.

The credential must carry at least the following attributes:

  • the issuer's (IdP's) signature

  • the identity the credential was issued for (the subject)

  • its validity period
    • effective (not-before) time

    • expiry time

9.2.2. Possible Attacks/Vulnerabilities

9.2.2.1. Information leakage

If the SP and the IdP exchange the credential and related information in clear text (without TLS), an attacker on the network path can read it and reuse it.

9.2.2.2. Forgery

If the key information in the exchange, above all the credential itself, is not signed, or the SP does not verify the signature against the IdP's known key, an attacker can forge it or modify it in transit (for example, rewrite the subject to another user's identity).
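The flow from 9.2.1.1, the credential attributes listed there, and the forgery check from 9.2.2.2, as an added example in Go that is not part of the original page: the IdP signs a credential with Ed25519, the SP verifies the signature with the pinned IdP public key before looking at any claim, then checks issuer, audience and the validity window, and a tampered copy of the credential is rejected. The wire format (base64url JSON claims, a dot, base64url signature), the audience claim, and the names idp.example, sp.example and alice are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Credential carries the attributes from 9.2.1.1: issuer, subject (the identity it was
// issued for) and the validity window. The audience claim (which SP) is an added assumption.
type Credential struct {
	Issuer    string `json:"iss"`
	Subject   string `json:"sub"`
	Audience  string `json:"aud"`
	NotBefore int64  `json:"nbf"`
	ExpiresAt int64  `json:"exp"`
}

var (
	ErrSignature   = errors.New("signature missing or invalid")
	ErrIssuer      = errors.New("untrusted issuer")
	ErrAudience    = errors.New("credential issued for another SP")
	ErrNotYetValid = errors.New("credential not yet valid")
	ErrExpired     = errors.New("credential expired")
	b64            = base64.RawURLEncoding
)

type IdentityProvider struct { // keeps the signing key; the SP only ever sees the public half
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewIdentityProvider(name string) *IdentityProvider {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // no entropy source: nothing sensible to continue with
	}
	return &IdentityProvider{Name: name, Pub: pub, priv: priv}
}

// Issue is step 4: mint a signed credential. Wire format (assumed): base64url(claims).base64url(sig).
func (idp *IdentityProvider) Issue(subject, audience string, now time.Time, ttl time.Duration) string {
	body, _ := json.Marshal(Credential{Issuer: idp.Name, Subject: subject, Audience: audience,
		NotBefore: now.Unix(), ExpiresAt: now.Add(ttl).Unix()})
	return b64.EncodeToString(body) + "." + b64.EncodeToString(ed25519.Sign(idp.priv, body))
}

type ServiceProvider struct { // pins the issuer name and public key it trusts
	Name, TrustedIssuer string
	IssuerKey           ed25519.PublicKey
}

// Verify is step 6: check the signature before trusting any claim, then issuer, audience and time.
func (sp *ServiceProvider) Verify(token string, now time.Time) (*Credential, error) {
	claims, sigB64, _ := strings.Cut(token, ".")
	body, errB := b64.DecodeString(claims)
	sig, errS := b64.DecodeString(sigB64)
	if errB != nil || errS != nil || !ed25519.Verify(sp.IssuerKey, body, sig) {
		return nil, ErrSignature // unsigned, tampered, or not signed with the IdP's key
	}
	c := new(Credential)
	if json.Unmarshal(body, c) != nil {
		return nil, errors.New("malformed claims") // unreachable for anything the IdP signed
	}
	switch {
	case c.Issuer != sp.TrustedIssuer:
		return nil, ErrIssuer
	case c.Audience != sp.Name:
		return nil, ErrAudience
	case now.Unix() < c.NotBefore:
		return nil, ErrNotYetValid
	case now.Unix() >= c.ExpiresAt:
		return nil, ErrExpired
	}
	return c, nil
}

// Tamper plays the forger from 9.2.2.2: rewrite the subject, keep the old signature.
func Tamper(token, oldSubject, newSubject string) string {
	claims, sig, _ := strings.Cut(token, ".")
	body, _ := b64.DecodeString(claims)
	forged := strings.Replace(string(body), `"sub":"`+oldSubject+`"`, `"sub":"`+newSubject+`"`, 1)
	return b64.EncodeToString([]byte(forged)) + "." + sig
}

func main() {
	idp := NewIdentityProvider("https://idp.example") // names are assumed
	sp := &ServiceProvider{Name: "https://sp.example", TrustedIssuer: idp.Name, IssuerKey: idp.Pub}
	token := idp.Issue("alice", sp.Name, time.Now(), 5*time.Minute) // steps 3-4
	_, err := sp.Verify(Tamper(token, "alice", "admin"), time.Now())  // steps 5-6 with a forgery
	fmt.Println("forged credential:", err)
}
```

The order inside Verify is the point: the signature is checked before a single claim is parsed, so a rewritten subject, a missing signature, or a credential minted by a different key under the same issuer name all fail with ErrSignature, and only then are issuer, audience and the not-before/expiry window compared against the SP's own clock. The signature does nothing against the leakage in 9.2.2.1: a credential captured from a clear-text exchange verifies perfectly when replayed within its validity window, which is why the transport between User, SP and IdP still has to be TLS and why the validity window should be short.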