Single Sign On


Classification Key: Exterior Security, Spoofing

Problem

Many transactions involve invocations of multiple services in a distributed environment. Re-authenticating for every new service request is painful for an end-user, who is, from his point of view, going through a single transaction. How can the user be relieved of re-authentication after he has successfully authenticated once?

Solution

Create an authenticated session that keeps track of the user's authenticated identity for the duration of a transaction. Provide the user with credentials that he can present with every new service request. Authenticate the user the first time he requests access. Timestamp the credentials and associate a validity period with them so that the user cannot use the credentials forever.
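
The following is an added illustration of the solution, not code from the Kienzle repository: an authority authenticates the user once and issues a timestamped, HMAC-signed credential with a validity period; each service then verifies the credential on every request instead of re-authenticating. The shared key, the 15-minute lifetime and the token layout are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json

# Hypothetical key shared between the authenticating authority and the services
# that accept its credentials (constructed for this example, not a real secret).
SSO_KEY = b"example-shared-secret-do-not-reuse"
VALIDITY_SECONDS = 900  # credential lifetime: 15 minutes

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_credential(user: str, now: float) -> str:
    """Called once, after the user has authenticated: return a credential
    carrying the identity, an issued-at timestamp and an expiry, bound to
    the issuer's key with an HMAC so services can detect forgery or tampering."""
    payload = {"sub": user, "iat": int(now), "exp": int(now) + VALIDITY_SECONDS}
    body = _b64(json.dumps(payload, separators=(",", ":")).encode())
    tag = _b64(hmac.new(SSO_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{tag}"

def verify_credential(token: str, now: float):
    """Run by every service on every request instead of re-authenticating:
    return the authenticated user, or None if the credential is invalid. The tag
    is checked in constant time before the payload is trusted; expired is None."""
    try:
        body, tag = token.split(".", 1)
        expected = _b64(hmac.new(SSO_KEY, body.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(expected, tag):
            return None  # forged or altered credential
        payload = json.loads(_unb64(body))
        if not (payload["iat"] <= now < payload["exp"]):
            return None  # outside the validity period
        return payload["sub"]
    except (ValueError, KeyError, TypeError):
        return None


if __name__ == "__main__":
    t0 = 1_700_000_000.0
    cred = issue_credential("alice", t0)
    # The same credential satisfies two service calls within one transaction.
    print(verify_credential(cred, t0 + 5), verify_credential(cred, t0 + 60))
    print(verify_credential(cred, t0 + VALIDITY_SECONDS))  # expired -> None
```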

Known Uses

RBL and RHSBL lists used in Postfix to filter spam coming from known blacklisted IP addresses.

Related Patterns

Single Sign On Delegator

Source

Kienzle et al. Repository

Tags

Single Sign On, Federation

Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz