Versions Compared

Comment: Migrated to Confluence 5.3

...

  • Users need only a single username/password pair to access multiple services, so they do not have to remember multiple username/password pairs.
  • Users are authenticated only once at the identity provider and then they are automatically logged into all services within that "trust-domain". This process is more convenient for users since they do not have to provide their username/password at every service provider.
  • Service providers do not have the overhead of managing user identities, which is more convenient for them.
  • User identities are managed at a central point. This is more secure, less complex and easily manageable.

With the release of version 3.0, WSO2 Identity Server supports the SAML 2.0 web browser-based SSO profile. WSO2 Identity Server can act as the identity provider of a single sign-on system with minimal configuration. This section provides information on how to configure the identity server and how your applications can be deployed in a SAML 2.0 web browser-based SSO system.

The following sections expand on SAML2-based SSO:


Single Sign-On In Reality

Single sign-on is widely used in web technologies. Google is one of the best examples.

Try this simple exercise:

  1. Visit www.google.com from your web browser.
  2. Click on the SIGN IN button on the top right of the page.
  3. Once you sign in, you are redirected to www.google.com/accounts/ServiceLogin. There you are requested to enter your Username and Password. Enter your Google credentials there.
  4. Once you enter your Username and Password, you are directed back to www.google.com where you started.
  5. Now visit www.igoogle.com, the Google web portal.
  6. Notice that you are automatically signed in to the portal. You did not have to enter your Username and Password there.
  7. Next visit www.gmail.com, the Google mail server.
  8. Once again you are automatically signed in and you directly access your Gmail Inbox. You did not have to enter your Username and Password at Gmail.
  9. In addition to that, now try www.youtube.com.
  10. Click on the “Sign In” button on the top right of the YouTube home page.
  11. You are automatically signed in. You do not have to enter your username and password at YouTube.

    Tip: Notice the URL in the web browser. Each time you access an application, you see that you are redirected to www.google.com/accounts/ServiceLogin and then immediately returned to the website.

...