{"id":258,"date":"2023-03-23T00:14:12","date_gmt":"2023-03-23T00:14:12","guid":{"rendered":"https:\/\/vasanthselvaraj.com\/?p=258"},"modified":"2023-03-23T00:14:17","modified_gmt":"2023-03-23T00:14:17","slug":"single-sign-on-sso-terminologies","status":"publish","type":"post","link":"https:\/\/vasanthselvaraj.com\/?p=258","title":{"rendered":"Single Sign-On (SSO) terminologies"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Introduction<\/h2>\n\n\n\n<p>In this post, we will look at the different terminologies used in SSO. Single Sign-On means using the same credentials everywhere, whereas web SSO means logging in once in the browser and accessing multiple websites without authenticating again. When it comes to SSO there are multiple names thrown around, so let's look at them one by one.<\/p>\n\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table class=\"has-cyan-bluish-gray-background-color has-background\"><tbody><tr><td>SAML<\/td><td>OIDC<\/td><\/tr><tr><td>OAuth<\/td><td>JWT<\/td><\/tr><tr><td>Federated identities<\/td><td>Federated access<\/td><\/tr><tr><td>Identity provider<\/td><td>Service provider<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Problem Statement<\/h3>\n\n\n\n<p>Before we deep dive into the topics, let us understand why SSO. SSO primarily aims to solve password fatigue, too many disjointed apps, and developer simplicity.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">SAML<\/h4>\n\n\n\n<p>SAML stands for Security Assertion Markup Language. It is based on XML and is used to exchange identities between two parties for web single sign-on. Most corporate applications use SAML to provide web SSO; however, the current trend is for modern applications to move towards the OAuth 2.0 framework to achieve the same by issuing OIDC or JWT tokens.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">OAuth<\/h4>\n\n\n\n<p>OAuth stands for open authorisation. It is a standard designed to allow a website to access resources hosted on another website on behalf of users. 
OAuth 2 is an authorisation protocol, not an <code>authentication<\/code> protocol. It uses an access token to access the other application. There are some additional terms to learn in OAuth 2:<\/p>\n\n\n\n<ul>\n<li>Resource owner &#8211; owns the protected resource<\/li>\n\n\n\n<li>Client &#8211; the party that requires access to the protected resource, so the client must hold the access token<\/li>\n\n\n\n<li>Authorization Server &#8211; issues access tokens upon successful authentication<\/li>\n\n\n\n<li>Resource Server &#8211; protects the user's resources; it receives the token and validates it before granting access to the resource<\/li>\n<\/ul>\n\n\n\n<p>A separate blog post will cover the different grant types in OAuth 2.0.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Identity Provider<\/h4>\n\n\n\n<p>In the SSO context, the Identity Provider, or IDP, is responsible for authenticating users and providing tokens (SAML tokens, or OIDC or JWT tokens). Most likely the identity provider is integrated with an identity data store, normally Active Directory, to authenticate the users. The IDP also performs MFA, whether with TOTP tokens or security keys (a separate topic altogether).<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Service Provider<\/h4>\n\n\n\n<p>The Service Provider, or SP, hosts the application. The SP allows access to the resource after successful authentication by the IDP.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">OIDC<\/h4>\n\n\n\n<p>OAuth is an authorisation framework, whereas OIDC provides authentication on top of OAuth. 
OIDC uses JWT tokens to carry identity information, so applications can extract the required claims from the JWT once they have validated it.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">JWT<\/h4>\n\n\n\n<p>JWT stands for JSON Web Token. It is a self-contained token used to securely transmit information (mostly identity) between two parties as a JSON object.<\/p>\n\n\n\n<p><a href=\"http:\/\/www.jwt.io\" target=\"_blank\" rel=\"noreferrer noopener\">www.jwt.io<\/a><\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Federated Identities<\/h4>\n\n\n\n<p>It is a method of linking identity information across different identity stores. It solves the problem of syncing identities and the relevant secrets everywhere.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Federated Access<\/h4>\n\n\n\n<p>It enables a federated identity to access multiple applications by authenticating at a centralised identity provider.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Conclusion<\/h3>\n\n\n\n<p>In this post, we have explored the definitions of SSO terminologies; in the next post we will deep dive into the working of the SAML2 and OAuth 2 frameworks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction In this post, we will look at different terminologies in SSO. Single Sign-On means use the same credentials everywhere whereas web SSO login once in browser and access multiple websites without authenticating again. 
When comes to SSO there are multiple names thrown around so lets look one by one SAML OIDC OAUTH JWT Federated&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_newsletter_tier_id":0},"categories":[4,16,5],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.8.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Single Sign-On (SSO) terminologies - Vasanth Selvaraj<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/vasanthselvaraj.com\/?p=258\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Single Sign-On (SSO) terminologies - Vasanth Selvaraj\" \/>\n<meta property=\"og:description\" content=\"Introduction In this post, we will look at different terminologies in SSO. Single Sign-On means use the same credentials everywhere whereas web SSO login once in browser and access multiple websites without authenticating again. 
When comes to SSO there are multiple names thrown around so lets look one by one SAML OIDC OAUTH JWT Federated...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/vasanthselvaraj.com\/?p=258\" \/>\n<meta property=\"og:site_name\" content=\"Vasanth Selvaraj\" \/>\n<meta property=\"article:published_time\" content=\"2023-03-23T00:14:12+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-03-23T00:14:17+00:00\" \/>\n<meta name=\"author\" content=\"Vasanth Selvaraj\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Vasanth Selvaraj\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/vasanthselvaraj.com\/?p=258\",\"url\":\"https:\/\/vasanthselvaraj.com\/?p=258\",\"name\":\"Single Sign-On (SSO) terminologies - Vasanth Selvaraj\",\"isPartOf\":{\"@id\":\"https:\/\/box2411.temp.domains\/~vasselva\/#website\"},\"datePublished\":\"2023-03-23T00:14:12+00:00\",\"dateModified\":\"2023-03-23T00:14:17+00:00\",\"author\":{\"@id\":\"https:\/\/box2411.temp.domains\/~vasselva\/#\/schema\/person\/7670db7c899a52f9bfcbcb38f64a839b\"},\"breadcrumb\":{\"@id\":\"https:\/\/vasanthselvaraj.com\/?p=258#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/vasanthselvaraj.com\/?p=258\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/vasanthselvaraj.com\/?p=258#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/box2411.temp.domains\/~vasselva\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Single Sign-On (SSO) 
terminologies\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/box2411.temp.domains\/~vasselva\/#website\",\"url\":\"https:\/\/box2411.temp.domains\/~vasselva\/\",\"name\":\"Vasanth Selvaraj\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/box2411.temp.domains\/~vasselva\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/box2411.temp.domains\/~vasselva\/#\/schema\/person\/7670db7c899a52f9bfcbcb38f64a839b\",\"name\":\"Vasanth Selvaraj\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/box2411.temp.domains\/~vasselva\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/3f7ece2700fb273646de53abfa0d9947?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/3f7ece2700fb273646de53abfa0d9947?s=96&d=mm&r=g\",\"caption\":\"Vasanth Selvaraj\"},\"sameAs\":[\"https:\/\/vasanthselvaraj.com\"],\"url\":\"https:\/\/vasanthselvaraj.com\/?author=2\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Single Sign-On (SSO) terminologies - Vasanth Selvaraj","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/vasanthselvaraj.com\/?p=258","og_locale":"en_US","og_type":"article","og_title":"Single Sign-On (SSO) terminologies - Vasanth Selvaraj","og_description":"Introduction In this post, we will look at different terminologies in SSO. Single Sign-On means use the same credentials everywhere whereas web SSO login once in browser and access multiple websites without authenticating again. 
When comes to SSO there are multiple names thrown around so lets look one by one SAML OIDC OAUTH JWT Federated...","og_url":"https:\/\/vasanthselvaraj.com\/?p=258","og_site_name":"Vasanth Selvaraj","article_published_time":"2023-03-23T00:14:12+00:00","article_modified_time":"2023-03-23T00:14:17+00:00","author":"Vasanth Selvaraj","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Vasanth Selvaraj","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/vasanthselvaraj.com\/?p=258","url":"https:\/\/vasanthselvaraj.com\/?p=258","name":"Single Sign-On (SSO) terminologies - Vasanth Selvaraj","isPartOf":{"@id":"https:\/\/box2411.temp.domains\/~vasselva\/#website"},"datePublished":"2023-03-23T00:14:12+00:00","dateModified":"2023-03-23T00:14:17+00:00","author":{"@id":"https:\/\/box2411.temp.domains\/~vasselva\/#\/schema\/person\/7670db7c899a52f9bfcbcb38f64a839b"},"breadcrumb":{"@id":"https:\/\/vasanthselvaraj.com\/?p=258#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/vasanthselvaraj.com\/?p=258"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/vasanthselvaraj.com\/?p=258#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/box2411.temp.domains\/~vasselva"},{"@type":"ListItem","position":2,"name":"Single Sign-On (SSO) terminologies"}]},{"@type":"WebSite","@id":"https:\/\/box2411.temp.domains\/~vasselva\/#website","url":"https:\/\/box2411.temp.domains\/~vasselva\/","name":"Vasanth Selvaraj","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/box2411.temp.domains\/~vasselva\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/box2411.temp.domains\/~vasselva\/#\/schema\/person\/7670db7c899a52f9bfcbcb38f64a839b","name":"Vasanth 
Selvaraj","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/box2411.temp.domains\/~vasselva\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/3f7ece2700fb273646de53abfa0d9947?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3f7ece2700fb273646de53abfa0d9947?s=96&d=mm&r=g","caption":"Vasanth Selvaraj"},"sameAs":["https:\/\/vasanthselvaraj.com"],"url":"https:\/\/vasanthselvaraj.com\/?author=2"}]}},"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/vasanthselvaraj.com\/index.php?rest_route=\/wp\/v2\/posts\/258"}],"collection":[{"href":"https:\/\/vasanthselvaraj.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vasanthselvaraj.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vasanthselvaraj.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/vasanthselvaraj.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=258"}],"version-history":[{"count":4,"href":"https:\/\/vasanthselvaraj.com\/index.php?rest_route=\/wp\/v2\/posts\/258\/revisions"}],"predecessor-version":[{"id":263,"href":"https:\/\/vasanthselvaraj.com\/index.php?rest_route=\/wp\/v2\/posts\/258\/revisions\/263"}],"wp:attachment":[{"href":"https:\/\/vasanthselvaraj.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=258"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vasanthselvaraj.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=258"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vasanthselvaraj.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=258"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}