List of single sign-on implementations

Last updated February 21, 2024

These are some of the notable Single Sign-On (SSO) implementations available:

Product Name	Project/Vendor	License	Identity management platform	Description
Accounts & SSO	Nokia, Intel,…	Free software		Client-side implementation with plugins for various services/protocols
Active Directory Federation Services	Microsoft	Proprietary		Claims-based system and application federation using SAML 2.0 or WS-Federation
Bitium	Bitium	Proprietary		Enterprise cloud-based identity and access management solution with single sign-on, active directory integration and 2-factor authentication options
CAS / Central Authentication Service	Apereo	Free & Open Source (Apache 2.0)		Protocol and open-source SSO server/client implementation with support for CAS, SAML1, SAML2, OAuth2, SCIM, OpenID Connect and WS-Fed protocols both as an identity provider and a service provider with other auxiliary functions that deal with user consent, access management, impersonation, terms of use, etc. Licensed under Apache 2.0.
CoSign single sign on	University of Michigan	Academic		SSO for University of Michigan
Distributed Access Control System (DACS)	Distributed Systems Software	Free Software
Facebook connect	Facebook	Proprietary		Facebook SSO to third parties enabled by Facebook
FreeIPA	Red Hat	Free Software	Yes
IceWall SSO	Hewlett-Packard Enterprise	Proprietary		Web and Federated Single Sign-On Solution
IBM Enterprise Identity Mapping	IBM	Free software	Yes	Works with Kerberos (e.g. Active Directory) and other authentication mechanisms to map different identities and hence allow single signon to all IBM server platforms (Windows, Linux, PowerLinux, IBM i, i5/OS, OS/400, AIX) even when the user name differs.
LTPA	IBM	Proprietary
Imprivata OneSign	Imprivata	Proprietary
Janrain Federate SSO	Janrain	Proprietary	Yes	Social and conventional user SSO
JOSSO	JOSSO	Free Software		Open Source Single Sign-On Server
Keycloak (Red Hat Single Sign-On)	Red Hat	Open source	Yes	Federated SSO (LDAP and Active Directory), standard protocols (OpenID Connect, OAuth 2.0 and SAML 2.0) for Web, clustering and single sign on. Red Hat Single Sign-On is version of Keycloak for which RedHat provides commercial support.
Microsoft account	Microsoft	Proprietary		Microsoft single sign-on web service
Microsoft Azure Active Directory	Microsoft	Proprietary	Yes	Cloud based single sign-on which supports SAML 2.0, WS-Federation, and OpenID Connect
myOneLogin	VMware	Proprietary		Cloud single sign-on
NetIQ Access Manager	Microfocus	Proprietary	Yes, used in conjunction with NetIQ Identity Manager	Access Management, Federation and Risk-Based Access Control platform
Numina Application Framework	Numina Solutions	Proprietary	Yes	Single sign-on system for Windows (OpenID RP & OP, SAML IdP, and proprietary)
Okta	Okta, Inc.		Yes	Okta is SaaS based identity management and Single Sign On service provider which supports SAML 2.0, OpenID Connect and other protocols
OneLogin	OneLogin Inc.	Proprietary	Yes	Cloud-based identity and access management with single sign-on (SSO) and active directory integration
OpenAthens	Jisc	Proprietary	Yes	Identity and access management solutions to IdPs and SPs enabling access management to web-based resources. Fully hosted service with several directory integration options, dedicated support team. Maintains OpenAthens Federation. SAML 1.1, SAML 2.0, SSO, self-reg, compatibility with Shibboleth, API.
OpenAM	Open Identity Platform Community	CDDL	Yes, used in conjunction with OpenDJ and OpenIDM	Access management, entitlements and federation server platform
Oracle Identity Management	Oracle Corporation	Proprietary	Yes	Identity and Access Management Suite of products from Oracle
SecureLogin	NetIQ	Proprietary		Enterprise Single-Sign-On
Shibboleth	Shibboleth	Free & Open Source (Apache 2.0)		SAML-based open source access control
Ubuntu Single Sign On	Canonical Ltd.	Proprietary		OpenID-based SSO for Launchpad and Ubuntu services
Univention Corporate Server	Univention	Free & Open Source		Enterprise IAM with single sign-on using SAML
Wren:AM	Wren Security	CDDL	Yes, in conjunction with Wren:IDM	Open-source Access Management and Single Sign-On platform
WSO2 Identity Server	WSO2	Free & Open Source (Apache 2.0)	Yes	SAML 2.0, OpenID, OpenID Connect, OAuth 2.0, SCIM, XACML, Passive Federation
ZXID	ZXID	Free Software	Yes	Reference Implementation of TAS3 security

Related Research Articles

Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems.

Identity management (IdM), also known as identity and access management, is a framework of policies and technologies to ensure that the right users have the appropriate access to technology resources. IdM systems fall under the overarching umbrellas of IT security and data management. Identity and access management systems not only identify, authenticate, and control access for individuals who will be utilizing IT resources but also the hardware and applications employees need to access.

<span class="mw-page-title-main">Liberty Alliance</span> Computer trade group

The Liberty Alliance Project was an organization formed in September 2001 to establish standards, guidelines and best practices for identity management in computer systems. It grew to more than 150 organizations, including technology vendors, consumer-facing companies, educational organizations and governments. It released frameworks for federation, identity assurance, an Identity Governance Framework, and Identity Web Services.

Security Assertion Markup Language is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based markup language for security assertions. SAML is also:

A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.

Shibboleth is a single sign-on log-in system for computer networks and the Internet. It allows people to sign in using just one identity to various systems run by federations of different organizations or institutions. The federations are often universities or public service organizations.

A service provider (SP) is an organization that provides services, such as consulting, legal, real estate, communications, storage, and processing services, to other organizations. Although a service provider can be a sub-unit of the organization that it serves, it is usually a third-party or outsourced supplier. Examples include telecommunications service providers (TSPs), application service providers (ASPs), storage service providers (SSPs), and internet service providers (ISPs). A more traditional term is service bureau.

Windows CardSpace is a discontinued identity selector app by Microsoft. It stores references to digital identities of the users, presenting them as visual information cards. CardSpace provides a consistent UI designed to help people to easily and securely use these identities in applications and web sites where they are accepted. Resistance to phishing attacks and adherence to Kim Cameron's "7 Laws of Identity" were goals in its design.

SOA security addresses the issue of combining services in a service-oriented architecture (SOA) in a secure manner. These issues arise as an effect of the main premise of SOA, which is to erase application boundaries and technology differences. Prior to the application of SOA methodologies, security models have traditionally been hardcoded into applications, and when capabilities of an application are opened up for use by other applications, the existing built-in security models may not be good enough.

Security Assertion Markup Language (SAML) is an XML standard for exchanging authentication and authorization data between security domains. SAML is a product of the OASIS (organization) Security Services Technical Committee.

Security Assertion Markup Language 2.0 (SAML 2.0) is a version of the SAML standard for exchanging authentication and authorization identities between security domains. SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal between a SAML authority, named an Identity Provider, and a SAML consumer, named a Service Provider. SAML 2.0 enables web-based, cross-domain single sign-on (SSO), which helps reduce the administrative overhead of distributing multiple authentication tokens to the user. SAML 2.0 was ratified as an OASIS Standard in March 2005, replacing SAML 1.1. The critical aspects of SAML 2.0 are covered in detail in the official documents SAMLCore, SAMLBind, SAMLProf, and SAMLMeta.

Light-weight Identity (LID), or Light Identity Management (LIdM), is an identity management system for online digital identities developed in part by NetMesh. It was first published in early 2005, and is the original URL-based identity system, later followed by OpenID. LID uses URLs as a verification of the user's identity, and makes use of several open-source protocols such as OpenID, Yadis, and PGP/GPG.

Active Directory Federation Services, a software component developed by Microsoft, can run on Windows Server operating systems to provide users with single sign-on access to systems and applications located across organizational boundaries. It uses a claims-based access-control authorization model to maintain application security and to implement federated identity. Claims-based authentication involves authenticating a user based on a set of claims about that user's identity contained in a trusted token. Such a token is often issued and signed by an entity that is able to authenticate the user by other means, and that is trusted by the entity doing the claims-based authentication. It is part of the Active Directory Services.

An identity provider is a system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed network.

Security Assertion Markup Language (SAML) is a set of specifications that encompasses the XML-format for security tokens containing assertions to pass information about a user and protocols and profiles to implement authentication and authorization scenarios. This article has a focus on software and services in the category of identity management infrastructure, which enable building Web-SSO solutions using the SAML protocol in an interoperable fashion. Software and services that are only SAML-enabled do not go here.

Access Control Service, or Windows Azure Access Control Service (ACS) was a Microsoft-owned cloud-based service that provided an easy way of authenticating and authorizing users to gain access to web applications and services while allowing the features of authentication and authorization to be factored out of the application code. This facilitates application development while at the same time providing users the benefit of being able to log into multiple applications with a reduced number of authentications, and in some cases only one authentication. The system provides an authorization store that can be accessed programmatically as well as via a management portal. Once authorizations are configured, a user coming to an application via ACS arrives at the application entrance with not only an authentication token, but also a set of authorization claims attached to the token. ACS was retired by Microsoft on November 7, 2018.

WS-Security is a flexible and feature-rich extension to SOAP to apply security to web services. It is a member of the WS-* family of web service specifications and was published by OASIS. Closely related to WS-Security is WS-Trust, also a WS-* specification and OASIS standard that provides extensions to WS-Security.

Bitium was a developer of the cloud service Bitium, which provided single sign-on and identity management for software as a service (SaaS) cloud-based applications before its merger into Google Cloud. Bitium allowed end users to access all of their cloud software accounts using a single set of login credentials. The product could integrate with cloud apps using SAML for enhanced security.

OpenAthens is an identity and access management service, supplied by Jisc, a British not-for-profit information technology services company. Identity provider (IdP) organisations can keep usernames in the cloud, locally or both. Integration with ADFS, LDAP or SAML is supported.

A SAML identity provider is a system entity that issues authentication assertions in conjunction with a single sign-on (SSO) profile of the Security Assertion Markup Language (SAML).

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

List of single sign-on implementations

See also

Related Research Articles