A Single Sign-On system is a set of software components, usually distributed
over a network, which allow a User to log into his workstation once,
and thereafter start applications and network Login Session's
without any further Authentication. The initial Login may be
carried out using Credentials, such as a User ID and Password,
or another technology, such as a Public Key Infrastructure or a
A Single Sign-On system normally works as follows:
- The User logs into his workstation.
- A component of the Single Sign-On system installed on the workstation
intercepts and stores the User's Credentials.
- The Single Sign-On software displays a menu listing applications that
the User may access.
- The User selects a menu option or icon to start an application.
- The Single Sign-On software retrieves the User's Credentials for the
application from a central database. The Credentials used by this
user to log into the workstation in the first place are normally
used to access the central database.
- A script is used to launch the application, and type the User's
User ID and Password into it automatically.
This technology addresses some common support problems:
- Users tend to forget their passwords. With Single Sign-On, they only
actively use one password, so are less likely to forget it.
- Users don't like to enter their Credentials multiple times.
Unfortunately, this technology also has some deployment and security
- The Password server is an attractive target for Intruder's, since it
contains Plaintext or decryptable Credentials for many users and
- If the Password server is damaged, then many applications become
unavailable. This constitutes a major Denial of Service problem.
- Scripts used to launch applications are quite fragile.
- The entire system is complex and difficult to install.
- The software tends to be quite expensive.
An alternative technology, which resolves some of the same issues, but
is not subject to the same problems, is Password Synchronization.