User experience begins with the sign-in process. In today’s digital world we use many applications (at our workplace and outside it). Remembering passwords and/or re-authenticating every time we access these applications within the same provider ecosystem is not a desirable user experience.
Many of us use Google applications (Gmail, Google Drive, YouTube, etc.), and if you had to sign in again and again to access each of them, I am sure you would not be very happy. And yes, there is a chance that you may forget your password as well.
At your workplace you may have a timesheet application, a payroll application and many others. If you sign in only once and can access all the other applications without having to sign in again, then you are lucky: SSO is implemented at your workplace.
What is Single Sign-On?
Single Sign-On allows users to authenticate themselves once and be logged in automatically to multiple applications (that talk to the same identity provider) without re-authenticating. If you are not sure what an Identity Provider (IdP) is, stay with me; I’ll cover that shortly.
Here are key terms that you should be aware of while learning about Single Sign-On (SSO):
Identity/principal – the actual user (credentials) in a user database (e.g., Active Directory).
Identity Provider (IdP) – a system entity that creates, maintains, and manages identity/authentication information for principals, and also provides authentication services to relying applications within a federation or distributed network. Identity providers offer user authentication as a service. In this article, we’ll use JumpCloud as our Identity Provider (IdP).
Service Provider (SP) – the entity providing the service, typically in the form of an application. In this article, AEM is our Service Provider.
Trust Store/Signing Certificate – SSO works based upon a trust relationship set up between a Service Provider (SP), like AEM, and an Identity Provider (IdP), like JumpCloud. This trust relationship is usually based on a certificate that is exchanged between the identity provider and the service provider. The identity provider signs the identity information it sends with the private key belonging to this certificate, and the service provider uses the certificate to verify that signature, so it knows the information is coming from a trusted source.
Security Assertion Markup Language (SAML) – an XML-based open standard for exchanging authentication information between an Identity Provider (IdP) and a Service Provider (SP). SAML request and response messages must follow the defined standard while exchanging information.
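As an added example (not code from this article, AEM or JumpCloud), here are the trust checks a Service Provider applies to an incoming SAML response before it accepts the identity it carries: the issuer, the signing certificate pinned to the trust store, the validity window and the audience. The entity IDs, the stand-in certificate bytes and the sample response are constructed; cryptographic verification of the XML signature value itself is left to a SAML library.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed stand-in for the IdP signing certificate exchanged at setup time;
# a real SP trust store holds the DER certificate downloaded from the IdP.
IDP_CERT_DER = b"constructed-idp-signing-certificate"
TRUST_STORE = {hashlib.sha256(IDP_CERT_DER).hexdigest()}
EXPECTED_ISSUER = "https://idp.example/jumpcloud"  # assumed IdP entity ID
EXPECTED_AUDIENCE = "https://aem.example/saml"     # assumed SP entity ID

def parse_time(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_response(xml_bytes, now):
    """Trust checks an SP applies to a SAML Response; returns (ok, reason).
    The XML-DSig signature value is verified by a SAML library afterwards."""
    root = ET.fromstring(xml_bytes)  # production code: use a hardened XML parser
    assertion = root.find("saml:Assertion", NS)
    if assertion is None or assertion.findtext("saml:Issuer", namespaces=NS) != EXPECTED_ISSUER:
        return False, "missing assertion or unexpected issuer"
    # The certificate embedded in <ds:KeyInfo> is untrusted input until its
    # fingerprint matches the certificate exchanged during SSO setup.
    cert_b64 = assertion.findtext(
        "ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate", namespaces=NS)
    if cert_b64 is None:
        return False, "assertion is not signed"
    if hashlib.sha256(base64.b64decode(cert_b64)).hexdigest() not in TRUST_STORE:
        return False, "signing certificate not in trust store"
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or not (parse_time(cond.get("NotBefore")) <= now
                            < parse_time(cond.get("NotOnOrAfter"))):
        return False, "assertion missing conditions or outside validity window"
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if EXPECTED_AUDIENCE not in audiences:
        return False, "assertion not issued for this SP"
    return True, "ok"

# Constructed sample response (placeholder SignatureValue) for the checks above.
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
    <saml:Issuer>{EXPECTED_ISSUER}</saml:Issuer>
    <ds:Signature><ds:SignatureValue>constructed</ds:SignatureValue><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>{base64.b64encode(IDP_CERT_DER).decode()}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
    <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>{EXPECTED_AUDIENCE}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>""".encode()
```

Tampering with any one of the checked fields in SAMPLE (issuer, embedded certificate, audience, or presenting it after NotOnOrAfter) makes validate_response reject it, which is the point of the trust relationship described above.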