SingleSignOn Process [Resolved]

Posted by Dora743 under Regular Expressions on 7/26/2011 | Points: 10 | Views : 2623 | Status : [Member] | Replies : 2
Hi all i looked at the articles and videos regarding Single Sign on process, but still i am unfamiliar with this so can any give me an worked out example on this with an attached database.



Posted by: SheoNarayan on: 7/26/2011 [Administrator] HonoraryPlatinum | Points: 50


Hi Dora,

Have you watched this video

As far as the database is concerned it is same as normal authentication as single sign on is nothing to do with the database, as soon as the user is authenticated the token is created that works for all other domain and the authentication works as usual.


Sheo Narayan

Dora743, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Bhaskara on: 7/28/2011 [Member] Starter | Points: 25

Single Sign On is a concept of signing to the application once and can view any web sites within same domain (eg.
In SSO you need to have two servers, one have the web server and in other the policy server(SSO).

You can maintain any database like LDAP, Oracle, SQL Server database to store the user information. Most preferred is LDAP for the SSO.
There are different software available in market which helps in integrating Single Sign On.

The following are the products which are mainly used in banking, shopping carts, manufacturing secors.
Computer Associates Siteminder
Oracle SSO
IBM Tivoli
Novell Securelogin

Here the persistent cookies maintains when you switch to different web sites in the same browser window. In few occurrence, when you open a new browser window it will ask for credentials when you visit a web site.

How it Works

When the user attempts to view a web site, if the page is protected page, then it requires authentication to view the page. If the page is not a protected page, then it won't ask you for authentication.

Here web server act as Mediator, which carries the details to and from policy server.

Once the user details are authenticated in policy server, then user is allowed to view the protected page otherwise again it will ask to prompts for correct credentials.

Here the persistent cookie is stored in the client browser and helps in viewing different web sites.


User Browser -> Web Server - > Policy Server - > Database


Dora743, if this helps please login to Mark As Answer. | Alert Moderator

Login to post response