
Single Sign On

Classification Key: Exterior Security, Spoofing


Many transactions involve invocations of multiple services in a distributed environment. Re-authenticating for every new service request is painful for an end-user because the user is going through a single transaction. How can the user be relieved of re-authentication after he successfully authenticates once?


Create an authenticated session that keeps track of the user's authenticated identity for the duration of a transaction. Provide the user with credentials that he can present with every new service request. Authenticate the user the first time he requests access. Timestamp the credentials and associate a validity period with them so that the user cannot use the credentials forever.
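The credential described above, sketched as an added example that is not part of the original catalog entry: the user authenticates once, receives a timestamped credential, and each service checks its integrity and validity period instead of re-authenticating. The HMAC-SHA256 construction, the shared key, the claim names `sub`/`iat`/`exp` and the 15-minute validity period are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key (assumption): in practice the authentication service and
# the participating services would hold a properly generated shared secret.
SECRET_KEY = b"constructed-demo-key-not-for-production"
VALIDITY_SECONDS = 900  # assumed validity period (15 minutes)


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def _sign(payload: bytes) -> bytes:
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()


def issue_credential(user, now=None, validity=VALIDITY_SECONDS):
    """Called once, after the user has authenticated successfully."""
    issued = int(time.time() if now is None else now)
    payload = json.dumps({"sub": user, "iat": issued, "exp": issued + validity},
                         sort_keys=True).encode()
    return _b64(payload) + "." + _b64(_sign(payload))


def verify_credential(token, now=None):
    """Called by every service; returns the user name, or None if rejected."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:  # wrong number of parts or malformed base64
        return None
    # Check the signature before trusting any field in the payload.
    if not hmac.compare_digest(sig, _sign(payload)):
        return None
    claims = json.loads(payload)
    current = time.time() if now is None else now
    if not (claims["iat"] <= current < claims["exp"]):
        return None  # outside the validity period
    return claims["sub"]
```

Because the timestamp and expiry are covered by the signature, a holder cannot extend the validity period without the key; the service rejects both altered and expired credentials.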

Known Uses

RBL and RHSBL List used in Postfix to filter spam coming from known blacklisted IP addresses.

Related Patterns

Single Sign On Delegator


Kienzle et al. Repository


Single Sign On, Federation


Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz