Single sign-on (SSO) allows users, who are authenticated against one application, to gain access to multiple other related applications as well without having to repeatedly authenticate themselves. It also allows the web applications gain access to a set of backend services with the logged - in user's access rights, and the backend services can authorize the user based on different claims like user role.
In a single sign on (SSO) system there are basically two roles; Service Providers and Identity Providers (IPIdP). The important characteristic of a single sign on system is the predefined trust relation between the service providers and the identity providers. Service providers trust the assertions issued by the identity providers and the identity providers issue assertions based on the results of authentication and authorization of the principles which access services at service providers.
...