Single sign-on (SSO) is a method of access control that enables a user to authenticate once and gain access to the resources of multiple software systems. Single sign-off is the reverse process whereby a single action of signing out terminates access to multiple software systems.

The term enterprise reduced sign-on is preferred by some authors because they believe single sign-on to be a misnomer: "no one can achieve it without a homogeneous IT infrastructure"

The Single Sign-On system consists of a Credential database, a master secret server, and one or more Single Sign-On servers.

The SSO system contains affiliate applications that an administrator defines. An affiliate application is a logical entity that represents a system or sub-system such as a host, back-end system, or line-of-business application to which you are connecting using Enterprise Single Sign-On. Each affiliate application has multiple user mappings; for example, it has the mappings between the credentials for a user in Active Directory and their corresponding RACF credentials.

The Credential database is the SQL Server database that stores the information about the affiliate applications, as well as all the encrypted user credentials to all the affiliate applications.

The master secret server is the Enterprise Single Sign-On server that stores the master secret. All other Single Sign-On servers in the system obtain the master secret from the master secret server.

The SSO system also contains one or more SSO servers. These servers do the mapping between the Windows and back-end credentials and look up the credentials in the Credential database. Administrators use them to maintain the SSO system.

http://http://msdn.microsoft.com/en-us/library/aa745042.aspx

Last edited May 16, 2008 at 4:26 PM by jbfranco, version 1

Comments

No comments yet.