Web Single Sign-On (WebSSO) systems consist of an agent installed on each web server and a central infrastructure that includes a Directory and the servers or logic that manage Authentication and Access Control.

When Users attempt to Access a WebSSO-enabled web server or web application, the WebSSO agent redirects the user's web browser to an Authentication Server, where the user signs in. The web browser is then redirected back to the requested web application, and the User can Access the application or web content.

When an already authenticated user accesses another web application, the agent on the web application retrieves the user's validated Credentials, thus eliminating any need for the user to sign on again.

WebSSO systems also incorporate Access Control mechanisms: either the agent installed on each web server or the web applications themselves (using an API) may check whether a User is entitled to Access particular data or functions.
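The redirect flow, the reuse of the validated credential across a second application, and the agent-side entitlement check described above, as an added simulation that is not part of this glossary page or any WebSSO product. The auth server host, the `SSO_SESSION` cookie name, the HMAC-signed token format, the in-memory directory and all user names and passwords are constructed for the example; a real deployment would hold the directory in LDAP or Active Directory and provision the signing key out of band.

```python
import base64
import binascii
import hashlib
import hmac
import json

# Constructed demo values (hypothetical host and key); not from any real deployment.
SSO_KEY = b"demo-sso-signing-key-not-for-production"
AUTH_SERVER_URL = "https://auth.example.test/login"
SESSION_TTL = 3600  # seconds a session token stays valid


def _hash_password(password: str) -> bytes:
    # Fixed salt is acceptable only because this directory is constructed for the demo.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 100_000)


# Constructed directory: username -> password hash and group memberships.
DIRECTORY = {
    "alice": {"pw": _hash_password("correct horse"), "groups": ["staff"]},
    "bob": {"pw": _hash_password("battery staple"), "groups": ["staff", "finance"]},
}


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, key: bytes) -> str:
    """Serialise claims and append an HMAC-SHA256 tag so any agent sharing the key can verify them."""
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)


def verify_token(token, key: bytes, now: float):
    """Return the claims if the tag is genuine and the token is unexpired, otherwise None."""
    if not token or "." not in token:
        return None
    body_b64, tag_b64 = token.split(".", 1)
    try:
        body, tag = _unb64(body_b64), _unb64(tag_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    claims = json.loads(body)  # only parsed after the signature is confirmed
    if claims.get("exp", 0) <= now:
        return None
    return claims


class AuthServer:
    """Central authentication server: checks the directory and mints the SSO token."""

    def __init__(self, directory: dict, key: bytes):
        self.directory, self.key = directory, key

    def login(self, username: str, password: str, return_to: str, now: float):
        entry = self.directory.get(username)
        if entry is None or not hmac.compare_digest(entry["pw"], _hash_password(password)):
            return None  # unknown user or wrong password: no token issued
        claims = {"sub": username, "groups": entry["groups"], "exp": now + SESSION_TTL}
        return mint_token(claims, self.key), return_to  # token plus the URL to redirect back to


class WebSSOAgent:
    """Agent on one web server: redirects anonymous users, validates tokens, enforces entitlement."""

    def __init__(self, app_name: str, key: bytes, allowed_groups: set):
        self.app_name, self.key, self.allowed_groups = app_name, key, allowed_groups

    def handle(self, url: str, cookies: dict, now: float) -> dict:
        claims = verify_token(cookies.get("SSO_SESSION"), self.key, now)
        if claims is None:  # missing, forged or expired token: send the browser to the auth server
            return {"status": 302, "location": f"{AUTH_SERVER_URL}?return_to={url}"}
        if not self.allowed_groups.intersection(claims["groups"]):
            return {"status": 403, "user": claims["sub"]}  # authenticated but not entitled
        return {"status": 200, "user": claims["sub"]}


def run_sso_flow(now: float = 1_700_000_000.0) -> dict:
    """Walk through the redirect flow from the text and return each step's outcome."""
    auth = AuthServer(DIRECTORY, SSO_KEY)
    intranet = WebSSOAgent("intranet", SSO_KEY, {"staff"})
    helpdesk = WebSSOAgent("helpdesk", SSO_KEY, {"staff"})
    payroll = WebSSOAgent("payroll", SSO_KEY, {"finance"})
    url = "https://intranet.example.test/"
    out = {}
    out["anonymous"] = intranet.handle(url, {}, now)["status"]  # 302: redirected to sign in
    out["bad_password"] = auth.login("alice", "wrong", url, now) is None  # True
    token, back = auth.login("alice", "correct horse", url, now)
    cookies = {"SSO_SESSION": token}
    out["after_login"] = intranet.handle(back, cookies, now)["status"]  # 200
    out["second_app"] = helpdesk.handle("https://helpdesk.example.test/", cookies, now)["status"]  # 200, no second sign-on
    out["not_entitled"] = payroll.handle("https://payroll.example.test/", cookies, now)["status"]  # 403
    forged_body = _b64(json.dumps({"sub": "bob", "groups": ["finance"], "exp": now + 999}).encode())
    forged = {"SSO_SESSION": forged_body + "." + token.split(".")[1]}  # altered claims, original tag
    out["forged"] = payroll.handle("https://payroll.example.test/", forged, now)["status"]  # 302
    out["expired"] = intranet.handle(url, cookies, now + SESSION_TTL + 1)["status"]  # 302
    return out
```

The agent never sees the user's password: it only checks the signed token the Authentication Server issued, which is what lets a second application accept the same session without another sign-on. The 403 case shows the agent-side Access Control check; an application using an API instead would call `verify_token` itself and apply its own entitlement rules.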

Most WebSSO systems also include a distributed administration interface, for defining new user accounts and managing existing ones.
