Presentation on SSO I made a few weeks ago for the Dreamix team.
Spotlight on SSO
Basically, single sign-on (SSO) is an identity service that lets users access cloud, mobile, and on-premises apps from any device. But here I'll shed light on the other side of the term: SSO as a session/user authentication process that permits a user to enter one name and password in order to access multiple applications.
Authentication vs Authorization
For starters, we should remember what the difference between these two is.
Authentication verifies who you are. For example, you can log in to your Unix server using an SSH client, or access your email server using a POP3 and SMTP client.
Authorization verifies what you are authorized to do. For example, you are allowed to log in to your Unix server via an SSH client, but you are not authorized to browse /data2 or any other file system.
To handle SSO you need to establish a federated identity. This is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems, which may not be trivial to achieve. Alternatively, you can use an existing service as an identity provider. As such, it will be able to issue valet keys to other services. These keys are per application and grant different levels of access to user data. From the retrieved data, apps can extract a unique identifier for establishing a profile at the new service provider. Additionally, the user can allow applications to act on his behalf at the identity provider service. This is the basic idea behind OAuth.
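The valet-key idea above, as an added example that is not part of the original presentation: a simplified model of an identity provider that issues per-application, scope-limited keys and checks them before releasing user data. It is not the OAuth wire format; the function names, scope strings, client ids and user record are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

IDP_KEY = secrets.token_bytes(32)  # identity provider's signing key (constructed)
USERS = {"u-1001": {"email": "alice@example.com", "contacts": ["bob@example.com"]}}  # constructed

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_valet_key(user_id, client_id, scopes, ttl=300, now=None):
    """Identity provider: mint a key bound to one app and the scopes the user approved."""
    now = time.time() if now is None else now
    claims = {"sub": user_id, "aud": client_id, "scope": sorted(scopes), "exp": now + ttl}
    body = b64e(json.dumps(claims, sort_keys=True).encode())
    sig = b64e(hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"

def check_valet_key(token, client_id, needed_scope, now=None):
    """Verify signature first, then application binding, expiry and scope."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        expected = b64e(hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(sig, expected):  # constant-time comparison
            return None, "bad signature"
        claims = json.loads(b64d(body))
    except (ValueError, TypeError):
        return None, "malformed"
    if claims["aud"] != client_id:      # key was issued to a different application
        return None, "wrong application"
    if claims["exp"] < now:
        return None, "expired"
    if needed_scope not in claims["scope"]:
        return None, "scope not granted"
    return claims, "ok"

def read_user_data(token, client_id, field, now=None):
    """Return (unique user id, value) only if the key grants read:<field>."""
    claims, reason = check_valet_key(token, client_id, f"read:{field}", now)
    if claims is None:
        return None, reason
    return claims["sub"], USERS[claims["sub"]][field]
```

The `sub` value returned with the data is the unique identifier a new service provider would use to establish the user's profile.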