Introduction Nowadays it seems like you can’t even access half of the websites you would like to with using some sort of authentication. To help solve this issue a large number of websites have created login systems that are centralized. The centralized systems supply users with an electronic identity of sorts which is better known as a federated identity. This paper will discuss some problems that can arise when not having SSO in place, some advantages and disadvantages when using SSO for AD and LADP access and a comparison between Kerberos-based and smart card based SSO.
Problems in organizations without SSO implemented When organizations do not have SSO implemented, it can cause some issue for system users. Reports have shown that an …show more content…
It the user gets locked out of their AD account, they will be losing access to all of the other systems that are associated to their account.
2. If a user’s AD credentials are compromised, the attacker may be able to access to all of the other protected resources that those credentials are associated with.
3. If network connectivity is lost to the domain controller that holds the AD credentials, the users will be unable to gain access to all of the systems that are attached to AD.
Advantages and disadvantages using LDAP for SSO Using LDAP for single sign on can also make it very easy for system users to access multiple systems with one set of credentials. There are as many advantages as there are disadvantages when using LDAP for single sign on. The following are some of those advantages and disadvantages:
Advantages of using LDAP for SSO
1. Since LDAP is pretty much standardized, there are many plugins that are readily available.
2. The passwords are stored securely with all of the needed authentication methods as well as the security mechanisms are already implemented.
3. You can implement its account lockout policies and it password history features if …show more content…
Both Kerberos and Smartcard-based SSO have some established standards. Smart-cards fall under the International Organization for Standardization (ISO 7816) which has several parts included in it from physical characteristics to interindustry data elements. Smart-cards are also gaining popularity in Debit and Credit cards. Kerberos is based on RFC 1510 and is more of an industry standard and is included in Microsoft OS’s.
4. As it relates to implementation, Kerberos-based SSO implementation does have some challenges. The Kerberos security server has been online 24/7 so that its able to generate new security tokens as requested, which can be quite a challenge. Smart-card based SSO implementation can also be challenging. You must have a public key infrastructure setup before you implement the smart-card based SSO. Finding a cost effective smart-card can also be very challenging since plug-and-play readers are not supported.
Conclusion
SSO makes it much easier for users and system administrator alike. There are many different SSO protocols like, Kerberos, LDAP and Smart-cards. Most companies integrate SSO and AD so that users only need to remember one set of credentials. SSO seems to be a technology that is here to stay. The new implementations are such as smart-card chip in debit and credit cards to social media and other such sites using it a means of logging
Problems in organizations without SSO implemented When organizations do not have SSO implemented, it can cause some issue for system users. Reports have shown that an …show more content…
It the user gets locked out of their AD account, they will be losing access to all of the other systems that are associated to their account.
2. If a user’s AD credentials are compromised, the attacker may be able to access to all of the other protected resources that those credentials are associated with.
3. If network connectivity is lost to the domain controller that holds the AD credentials, the users will be unable to gain access to all of the systems that are attached to AD.
Advantages and disadvantages using LDAP for SSO Using LDAP for single sign on can also make it very easy for system users to access multiple systems with one set of credentials. There are as many advantages as there are disadvantages when using LDAP for single sign on. The following are some of those advantages and disadvantages:
Advantages of using LDAP for SSO
1. Since LDAP is pretty much standardized, there are many plugins that are readily available.
2. The passwords are stored securely with all of the needed authentication methods as well as the security mechanisms are already implemented.
3. You can implement its account lockout policies and it password history features if …show more content…
Both Kerberos and Smartcard-based SSO have some established standards. Smart-cards fall under the International Organization for Standardization (ISO 7816) which has several parts included in it from physical characteristics to interindustry data elements. Smart-cards are also gaining popularity in Debit and Credit cards. Kerberos is based on RFC 1510 and is more of an industry standard and is included in Microsoft OS’s.
4. As it relates to implementation, Kerberos-based SSO implementation does have some challenges. The Kerberos security server has been online 24/7 so that its able to generate new security tokens as requested, which can be quite a challenge. Smart-card based SSO implementation can also be challenging. You must have a public key infrastructure setup before you implement the smart-card based SSO. Finding a cost effective smart-card can also be very challenging since plug-and-play readers are not supported.
Conclusion
SSO makes it much easier for users and system administrator alike. There are many different SSO protocols like, Kerberos, LDAP and Smart-cards. Most companies integrate SSO and AD so that users only need to remember one set of credentials. SSO seems to be a technology that is here to stay. The new implementations are such as smart-card chip in debit and credit cards to social media and other such sites using it a means of logging