Single Sign-On Architectures

  • Jan De Clercq
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2437)


Authentication infrastructures have been around for many years now. They are very popular in big computing environments where scalability is a key requirement. In such environment, it’s not very cost-efficient from both an implementation and an administration point-of-view to create a separate authentication system for every individual computer system, resource or application server. It is much better to outsource this functionality to an authentication “infrastructure”.

The outsourcing of authentication to a specialized infrastructure also enables the enforcement of a consistent authentication policy throughout the enterprise. Another major driver behind the creation of authentication infrastructures is single sign-on (SSO). In short, SSO is the ability for a user to authenticate once to a single authentication authority and then access other protected resources without reauthenticating. The Open Group defines SSO as the mechanism whereby a single action of user authentication and authorization can permit a user to access all computers and systems where that user has access permission, without the need to enter multiple passwords.

This paper focuses on the architectural approaches one can take when designing an SSO solution for a large I.T. infrastructure and on the security technology building blocks that can be used to construct such an SSO infrastructure. This brief does not address the architecture of every SSO solution that is currently available on the software market. Many of them have a relatively small scope and only span a couple of applications, platforms or authentication methods.


Smart Card Authentication Protocol Trust Relationship Certification Authority Authentication Server 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References and Additional Reading

  1. Burton Group Technical Position on “User Authentication”.Google Scholar
  2. Richard E. Smith, “Authentication: From Passwords to Public Keys”, Addison-Wesley, ISBN 0-201-61599-1.Google Scholar
  3. Burton Group Network Strategy Report on “Single Sign-on”.Google Scholar
  4. Network Applications Consortium (NAC) Position Paper: “Enterprise-wide Security: Authentication and Single Sign-on”.Google Scholar
  5. The Open Group, Security Forum on Single Sign-on:

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Jan De Clercq
    • 1
  1. 1.HPUK

Personalised recommendations