SSO
Definition
Single Sign-On (SSO) is an authentication process that allows a user to access multiple applications or systems with one set of login credentials. This approach enhances user convenience by reducing the need to remember multiple passwords and improves security by centralizing authentication, reducing the attack surface for credential theft. SSO is often implemented using protocols like SAML, OAuth, or OpenID Connect, which facilitate secure token exchanges between identity providers and service providers.
Secure Settings Example
# Example of a secure SSO configuration using SAML in a web application
sso:
  provider: "SAML"
  idp_metadata_url: "https://idp.example.com/metadata"
  sp_entity_id: "https://app.example.com/saml"
  assertion_consumer_service_url: "https://app.example.com/saml/acs"
  require_signed_assertions: true
  signature_algorithm: "RSA-SHA256"
  encryption_algorithm: "AES256-GCM"
  clock_skew: 60 # Allowable clock skew in seconds
  force_authn: true
Insecure Settings Example
# Example of an insecure SSO configuration with weak settings
sso:
  provider: "SAML"
  idp_metadata_url: "http://idp.example.com/metadata" # Insecure HTTP
  sp_entity_id: "https://app.example.com/saml"
  assertion_consumer_service_url: "https://app.example.com/saml/acs"
  require_signed_assertions: false # Assertions not signed
  signature_algorithm: "SHA1" # Weak algorithm
  encryption_algorithm: "AES128-CBC" # Weak encryption
  clock_skew: 300 # Excessive clock skew
  force_authn: false # Does not require re-authentication
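The two configurations above can be checked mechanically. The following audit function is an added example, not code from this page or from any SAML library; the accepted algorithm sets and the 120-second skew ceiling are assumptions chosen for the example, and the two input dictionaries are constructed to mirror the secure and insecure settings shown above.

```python
"""Audit the `sso` block of a SAML configuration against the secure baseline."""

# Assumed baseline for this example: SHA-2 signatures and AEAD ciphers only,
# and no more than two minutes of tolerated clock drift.
STRONG_SIGNATURES = {"RSA-SHA256", "RSA-SHA384", "RSA-SHA512", "ECDSA-SHA256"}
AEAD_CIPHERS = {"AES128-GCM", "AES256-GCM"}
MAX_CLOCK_SKEW_SECONDS = 120


def audit_sso_config(sso: dict) -> list[str]:
    """Return a list of findings; an empty list means the config meets the baseline."""
    findings = []
    # Metadata and ACS endpoints are fetched/posted over the network, so they
    # must be HTTPS; the entity ID is a URI identifier and is not checked here.
    for key in ("idp_metadata_url", "assertion_consumer_service_url"):
        url = sso.get(key, "")
        if not url.startswith("https://"):
            findings.append(f"{key}: must use https:// (got {url!r})")
    if sso.get("require_signed_assertions") is not True:
        findings.append("require_signed_assertions: unsigned assertions cannot be trusted")
    sig = sso.get("signature_algorithm")
    if sig not in STRONG_SIGNATURES:
        findings.append(f"signature_algorithm: {sig!r} is not an accepted algorithm")
    enc = sso.get("encryption_algorithm")
    if enc not in AEAD_CIPHERS:
        findings.append(f"encryption_algorithm: {enc!r} is not an AEAD mode")
    skew = sso.get("clock_skew", 0)
    if not isinstance(skew, int) or skew < 0 or skew > MAX_CLOCK_SKEW_SECONDS:
        findings.append(f"clock_skew: {skew!r} s is outside 0..{MAX_CLOCK_SKEW_SECONDS} s")
    if sso.get("force_authn") is not True:
        findings.append("force_authn: IdP may reuse an existing session without re-authentication")
    return findings


# Constructed inputs mirroring the two examples on this page.
SECURE = {"provider": "SAML", "idp_metadata_url": "https://idp.example.com/metadata",
          "sp_entity_id": "https://app.example.com/saml",
          "assertion_consumer_service_url": "https://app.example.com/saml/acs",
          "require_signed_assertions": True, "signature_algorithm": "RSA-SHA256",
          "encryption_algorithm": "AES256-GCM", "clock_skew": 60, "force_authn": True}
INSECURE = dict(SECURE, idp_metadata_url="http://idp.example.com/metadata",
                require_signed_assertions=False, signature_algorithm="SHA1",
                encryption_algorithm="AES128-CBC", clock_skew=300, force_authn=False)

if __name__ == "__main__":
    for name, cfg in (("secure", SECURE), ("insecure", INSECURE)):
        print(f"{name}: {audit_sso_config(cfg) or ['ok']}")
```

Running the block reports no findings for the secure configuration and six for the insecure one, one per weakened setting.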