These are some of the notable Single Sign-On (SSO) implementations available:
Product Name | Project/Vendor | License | Identity management platform | Description |
---|---|---|---|---|
Accounts & SSO | Nokia, Intel,… | Free software | | Client-side implementation with plugins for various services/protocols |
Active Directory Federation Services | Microsoft | Proprietary | | Claims-based system and application federation using SAML 2.0 or WS-Federation |
Bitium | Bitium | Proprietary | | Enterprise cloud-based identity and access management solution with single sign-on, Active Directory integration and two-factor authentication options |
CAS / Central Authentication Service | Apereo | Free & Open Source (Apache 2.0) | | Protocol and open-source SSO server/client implementation supporting the CAS, SAML 1, SAML 2, OAuth 2, SCIM, OpenID Connect and WS-Fed protocols, both as an identity provider and as a service provider, with auxiliary functions for user consent, access management, impersonation, terms of use, etc. Licensed under Apache 2.0. |
CoSign single sign on | University of Michigan | Academic | | SSO for University of Michigan |
Distributed Access Control System (DACS) | Distributed Systems Software | Free Software | | |
Facebook connect | Facebook | Proprietary | | SSO to third parties enabled by Facebook |
FreeIPA | Red Hat | Free Software | Yes | |
IceWall SSO | Hewlett-Packard Enterprise | Proprietary | | Web and federated single sign-on solution |
IBM Enterprise Identity Mapping | IBM | Free software | Yes | Works with Kerberos (e.g. Active Directory) and other authentication mechanisms to map different identities and hence allow single sign-on to all IBM server platforms (Windows, Linux, PowerLinux, IBM i, i5/OS, OS/400, AIX) even when the user name differs. |
LTPA | IBM | Proprietary | | |
Imprivata OneSign | Imprivata | Proprietary | | |
Janrain Federate SSO | Janrain | Proprietary | Yes | Social and conventional user SSO |
JOSSO | JOSSO | Free Software | | Open-source single sign-on server |
Keycloak (Red Hat Single Sign-On) | Red Hat | Open source | Yes | Federated SSO (LDAP and Active Directory), standard protocols (OpenID Connect, OAuth 2.0 and SAML 2.0) for web applications, clustering and single sign-on. Red Hat Single Sign-On is a version of Keycloak for which Red Hat provides commercial support. |
Microsoft account | Microsoft | Proprietary | | Microsoft single sign-on web service |
Microsoft Azure Active Directory | Microsoft | Proprietary | Yes | Cloud-based single sign-on which supports SAML 2.0, WS-Federation, and OpenID Connect |
myOneLogin | VMware | Proprietary | | Cloud single sign-on |
NetIQ Access Manager | Micro Focus | Proprietary | Yes, used in conjunction with NetIQ Identity Manager | Access management, federation and risk-based access control platform |
Numina Application Framework | Numina Solutions | Proprietary | Yes | Single sign-on system for Windows (OpenID RP & OP, SAML IdP, and proprietary) |
Okta | Okta, Inc. | | Yes | SaaS-based identity management and single sign-on service provider which supports SAML 2.0, OpenID Connect and other protocols |
OneLogin | OneLogin Inc. | Proprietary | Yes | Cloud-based identity and access management with single sign-on (SSO) and Active Directory integration |
OpenAthens | Jisc | Proprietary | Yes | Identity and access management solutions for IdPs and SPs, enabling access management for web-based resources. Fully hosted service with several directory integration options and a dedicated support team. Maintains the OpenAthens Federation. SAML 1.1, SAML 2.0, SSO, self-registration, compatibility with Shibboleth, API. |
OpenAM | Open Identity Platform Community | CDDL | Yes, used in conjunction with OpenDJ and OpenIDM | Access management, entitlements and federation server platform |
Oracle Identity Management | Oracle Corporation | Proprietary | Yes | Identity and access management suite of products from Oracle |
SecureLogin | NetIQ | Proprietary | | Enterprise single sign-on |
Shibboleth | Shibboleth | Free & Open Source (Apache 2.0) | | SAML-based open-source access control |
Ubuntu Single Sign On | Canonical Ltd. | Proprietary | | OpenID-based SSO for Launchpad and Ubuntu services |
Univention Corporate Server | Univention | Free & Open Source | | Enterprise IAM with single sign-on using SAML |
WSO2 Identity Server | WSO2 | Free & Open Source (Apache 2.0) | Yes | SAML 2.0, OpenID, OpenID Connect, OAuth 2.0, SCIM, XACML, passive federation |
ZXID | ZXID | Free Software | Yes | Reference implementation of TAS3 security |
Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems.
Identity management (IdM), also known as identity and access management, is a framework of policies and technologies to ensure that the right users have the appropriate access to technology resources. IdM systems fall under the overarching umbrellas of IT security and data management. Identity and access management systems not only identify, authenticate, and control access for individuals who will be utilizing IT resources but also the hardware and applications employees need to access.
The Liberty Alliance Project was an organization formed in September 2001 to establish standards, guidelines and best practices for identity management in computer systems. It grew to more than 150 organizations, including technology vendors, consumer-facing companies, educational organizations and governments. It released frameworks for federation, identity assurance, an Identity Governance Framework, and Identity Web Services.
Security Assertion Markup Language is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based markup language for security assertions. SAML is also:
A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.
Shibboleth is a single sign-on log-in system for computer networks and the Internet. It allows people to sign in using just one identity to various systems run by federations of different organizations or institutions. The federations are often universities or public service organizations.
A service provider (SP) is an organization that provides services, such as consulting, legal, real estate, communications, storage, and processing services, to other organizations. Although a service provider can be a sub-unit of the organization that it serves, it is usually a third-party or outsourced supplier. Examples include telecommunications service providers (TSPs), application service providers (ASPs), storage service providers (SSPs), and internet service providers (ISPs). A more traditional term is service bureau.
Windows CardSpace is a discontinued identity selector app by Microsoft. It stores references to digital identities of the users, presenting them as visual information cards. CardSpace provides a consistent UI designed to help people to easily and securely use these identities in applications and web sites where they are accepted. Resistance to phishing attacks and adherence to Kim Cameron's "7 Laws of Identity" were goals in its design.
SOA security addresses the issue of combining services in a service-oriented architecture (SOA) in a secure manner. These issues arise from the main premise of SOA, which is to erase application boundaries and technology differences. Before SOA methodologies were applied, security models were traditionally hard-coded into applications, and when the capabilities of an application are opened up for use by other applications, the existing built-in security models may no longer be adequate.
Security Assertion Markup Language (SAML) is an XML standard for exchanging authentication and authorization data between security domains. SAML is a product of the OASIS Security Services Technical Committee.
Security Assertion Markup Language 2.0 (SAML 2.0) is a version of the SAML standard for exchanging authentication and authorization identities between security domains. SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal between a SAML authority, named an Identity Provider, and a SAML consumer, named a Service Provider. SAML 2.0 enables web-based, cross-domain single sign-on (SSO), which helps reduce the administrative overhead of distributing multiple authentication tokens to the user. SAML 2.0 was ratified as an OASIS Standard in March 2005, replacing SAML 1.1. The critical aspects of SAML 2.0 are covered in detail in the official documents SAMLCore, SAMLBind, SAMLProf, and SAMLMeta.
Light-weight Identity (LID), or Light Identity Management (LIdM), is an identity management system for online digital identities developed in part by NetMesh. It was first published in early 2005, and is the original URL-based identity system, later followed by OpenID. LID uses URLs as a verification of the user's identity, and makes use of several open-source protocols such as OpenID, Yadis, and PGP/GPG.
Active Directory Federation Services (ADFS), a software component developed by Microsoft, can run on Windows Server operating systems to provide users with single sign-on access to systems and applications located across organizational boundaries. It uses a claims-based access-control authorization model to maintain application security and to implement federated identity. Claims-based authentication involves authenticating a user based on a set of claims about that user's identity contained in a trusted token. Such a token is often issued and signed by an entity that is able to authenticate the user by other means, and that is trusted by the entity doing the claims-based authentication. It is part of Active Directory Services. Microsoft advises using Entra ID and Azure AD Connect in place of ADFS in most cases.
An identity provider is a system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed network.
Security Assertion Markup Language (SAML) is a set of specifications that encompasses the XML format for security tokens containing assertions to pass information about a user, and the protocols and profiles to implement authentication and authorization scenarios. This article focuses on software and services in the category of identity management infrastructure, which enable building Web-SSO solutions using the SAML protocol in an interoperable fashion. Software and services that are only SAML-enabled do not go here.
Access Control Service, or Windows Azure Access Control Service (ACS), was a Microsoft-owned cloud-based service that provided an easy way of authenticating and authorizing users to gain access to web applications and services, while allowing the features of authentication and authorization to be factored out of the application code. This facilitated application development while at the same time giving users the benefit of being able to log into multiple applications with a reduced number of authentications, and in some cases only one authentication. The system provided an authorization store that could be accessed programmatically as well as via a management portal. Once authorizations were configured, a user coming to an application via ACS arrived at the application entrance with not only an authentication token, but also a set of authorization claims attached to the token. ACS was retired by Microsoft on November 7, 2018.
WS-Security is a flexible and feature-rich extension to SOAP to apply security to web services. It is a member of the WS-* family of web service specifications and was published by OASIS. Closely related to WS-Security is WS-Trust, also a WS-* specification and OASIS standard that provides extensions to WS-Security.
Bitium was a developer of the cloud service Bitium, which provided single sign-on and identity management for software as a service (SaaS) cloud-based applications before its merger into Google Cloud. Bitium allowed end users to access all of their cloud software accounts using a single set of login credentials. The product could integrate with cloud apps using SAML for enhanced security.
OpenAthens is an identity and access management service, supplied by Jisc, a British not-for-profit information technology services company. Identity provider (IdP) organisations can keep usernames in the cloud, locally or both. Integration with ADFS, LDAP or SAML is supported.
A SAML identity provider is a system entity that issues authentication assertions in conjunction with a single sign-on (SSO) profile of the Security Assertion Markup Language (SAML).