Questions tagged [sso]

Single Sign-On is a technology to allow a single authentication to be used across multiple independent systems.

Single Sign-On (or SSO) is a technology that allows for a single authentication to be used across multiple related, but independent systems. Signing in to a system using SSO will grant access to all the related systems without being challenged each time to log into another service.

30 questions
15
votes
1 answer

Can I prevent CSRF attacks by using localstorage/sessionstorage?

I have front/back applications that need to be logged in to be used. When I log in (by means of the front-end app sending a request to the back end), what I do is not send a cookie, but a JSON with a token in it. The latter will be stored by…
Bertuz
11
votes
2 answers

Should an SPA use OIDC's Implicit flow or Auth Code flow?

We are developing a new Angular SPA which leverages Keycloak for its SSO abilities using OpenID Connect (OIDC). The app is currently designed to use the Implicit flow to retrieve short-lived access tokens via the keycloak JS adapter. However,…
Eric B.
7
votes
1 answer

How can I integrate local web development environments with a central SSO solution?

We have a single-page web application, and we have a new SSO site (also our own) using OAuth2, and are looking to hook them up. On our production/staging/CI deployments, it's easy to hook everything up. For instance: on production we'll have…
Steven
5
votes
1 answer

Is oAuth a good fit here?

We're looking into adding authentication to a range of APIs that we are about to develop. The solution is entirely fluid as it currently stands, but the basic premise is that there is one API layer that the customer interfaces with, and several APIs…
christopher
5
votes
1 answer

OAuthv2 authorization grants

I just read this excellent tutorial on OAuthv2 but am still missing some important concepts regarding authorization grants. I'm fundamentally not understanding the necessity for the two request/response cycles between client app and authorization…
smeeb
5
votes
1 answer

How can I build a seamless login for multiple sites using OAuth2?

The question is admittedly a bit leading, but what I mean to ask is: If a user logs into site X, is there a way to automatically log into site Y? Site Y utilises single sign-on via OAuth2 service on site X, so a login via site Y would log you…
Julian H. Lam
4
votes
2 answers

Integration with multiple SSO's

Currently, we had a web app that integrated with SSO through Open-Id protocol. Then we got another client that had its own SSO and needed us to integrate with their SSO through SAML protocol so their employees can authenticate and use our site, then…
Nabawoka
4
votes
1 answer

SSO between multiple Flex applications

We have three applications developed in Flex and all these use BlazeDS. These applications have their own authentication implementations (Database). Also they will be deployed in tomcat. Deploying all these applications in the same tomcat instance…
kpk
3
votes
1 answer

Silent login in external application

We have a web application and our partners asked us to log in silently from their web applications, which would allow their users to make a single login on l to access our application instead of two. Obviously, their applications are different from…
danyolgiax
3
votes
6 answers

How does authentication Server work on Single Sign on?

I am trying to implement a Single Sign On feature (SSO). I have for now three systems that need this feature. This SSO is relatively new to me, I have done SSO where the domain is same. There browser is no barrier so it works. So with few research I…
Ruchan
3
votes
3 answers

Securing credentials passed to web service

I'm attempting to design a single sign on system for use in a distributed architecture. Specifically, I must provide a way for a client website (that is, a website on a different domain/server/network) to allow users to register accounts on my…
Greg Smith
3
votes
3 answers

Moving between sites using SAML

I'm tasked with developing an SSO system, and was guided towards using the SAML spec. After some research I think I understand the interaction between a Service Provider and an ID Provider and how a user's identity is confirmed. But what happens when…
System Down
3
votes
2 answers

For ASP.NET Programmers: Does the executable 'dcpromo' have any significance?

Dcpromo.exe is famous among MCSEs for being the only way to create a Windows Domain Controller (in other words an Active Directory Domain) ... which in turn is often used by the ASP.NET Membership system. I'm trying to determine if I should put…
makerofthings7
2
votes
3 answers

A single access point for several applications

I've been asked to create a web page from which users can access several other applications created using Oracle Forms and JSF, this will include also SSO. I can't think of an easy way to do it, what I was thinking about was that the user should…
OKAN
2
votes
1 answer

Should an Identity Provider be a separate web application than a Authentication system

I'm currently writing a SAML Identity provider (IdP) to enable SSO and one of the easy ways to go about it is to use Shibboleth Identity Provider which is a ready deployable web application on its own. We also have an in-house authentication system…
noob Mama