Single sign-on between applications

摘要

A single sign-on (SSO) system uses simple one-to-one trust relationships between individual applications and an SSO service to extend log in services from one application to another. Each application retains its own login policies and can separately make a decision whether to trust the SSO request or challenge the user for login credentials. By structuring the SSO system to use simple identity mapping, there is no requirement for consolidating user identity records from multiple applications into a single database with its attendant overhead and dependency risks.

主权项

1. A method of authenticating a user accredited in an application (app A) to another application (app B), the method comprising:
receiving, at a single sign-on (SSO) service, a request from app A to access app B, the request including a user identifier and an application identifier; generating, at the SSO service, a request identifier and a nonce; providing the request identifier and the nonce to app A for use by app A in contacting app B; receiving, at app B, the request identifier and the nonce from app A; receiving, at the SSO service, from app B the request identifier and the nonce provided to app A; verifying, at the SSO service, that a mapping exists for app B; providing, from the SSO service, a mapping token to app B, the mapping token corresponding to a previous registration of the user by app B with the SSO service; extracting, at app B, login information from the mapping token; and accepting, at app B, the login information when the login information meets a local security policy.