Single Sign-On (SSO) implementation using LDAP server

2 comments



One of the simplest ways to implement Single Sign On is to make use of LDAP server.

To explain the SSO implementation approach, this article scoped with two web applications e.g. Portal A and Portal B.

How it will work?
  • The user login's to Portal A application through browser.
  • Portal A application validates the user information and generates an authorization identifier.
  • Portal A will route the request along with authorization identifier to the LDAP server.
  • The routed request is validated against the user information at LDAP Server; if user identification is successful the application will populate the user credentials along with the authorization identifier.
  • When user clicks on the Portal A for SSO site link, application will send the user information to Portal B application along with the with authorization identifier.
  • Portal B application will route the request to LDAP Server for user identification.
  • User will be authenticated and identified against the user information at LDAP store and will automatically log on to Portal B in case of correct credentials are passed.

SSO
SSO
Session Management

  • User login to the Portal A application and initialize the session.
  • Portal A application sends session ID to Portal B application.
  • Portal B application will always check the User session with the Portal A by passing the session id with the request before performing business processing.

Benefits
  • Can be extended for integration with other enterprise systems like SAP,SIEBEL etc.
  • The credentials of the end user are validated via the LDAP schema. As the user information is in an encrypted format, it enhances the security of the system.
  • The component inter-communication is through LDAP services. Thus there is always credential verification at the component level as well.
  • Supported by all flavors of UNIX (Linux, Solaris, etc.)
  • Reduced coding efforts.

Drawbacks
  • Additional cost of Licensing and maintenance support for LDAP server.
  • Needs enhanced network security to communicate with the applications.
  • Needs application customization for integration with other system.

2 comments:

kinjal` said...

Hello Good morning,
Here i have require proper defination and its form layout for this system.. can you give proper defination and how its work for single use on single time login.....

Arun Khurana said...

What exactly is your requirement ? Can you please explain a little bit more.

Post a Comment

Recent Posts

Popular Posts

© 2011-2019 Web Portal Club