What is Single Sign-On (SSO)

Definition according to Wikipedia:

Single sign-on (SSO) is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them.

 

The following are the most common forms of single sign-on

  1. SSO based on classical windows application (most common version).
  2. SSO based on dedicated application (i.e. Atlassian Crowd), limited to certain other applications and services (in the example of Crowd mostly to further Atlassian Products).

Single Sign-on based on Kerberos

If the business uses an active directory by Microsoft (Windows Server 2003 or newer), an SSO can be implemented based on Kerberos. For the implementation, an Apache web server under Linux is a prerequisite, that will be connected to Confluence. An adapted version of the authentication module in Confluence will receive the user, that was previously authenticated by the Apache web server and signs him on to Confluence.

This form of SSO has only few disadvantages besides the system requirements. Users can only be switched, when the web browser does not conduct an SSO authentication, i.e. with an alternative browser, that does not access the SSO token.

Advantages of this type of SSO are:

  • Automated sign-on to Confluence, when a user signs into Windows.
  • Fallback to a standard login, i.e. for external employees, suppliers, …
  • Mix of local user groups in Confluence and Active Directory / LDAP groups.
  • Anonymous access to the complete Confluence or just to parts.
  • Kerberos SSO is very reliable.

Diese Seite auf Deutsch sehen.

  • No labels

This content was last updated on 07/03/2014.

This content hasn't been updated in a while. That doesn't have to be a problem. Some of our pages live for years without becoming obsolete.

Old content can be incorrect, misleading or outdated. Please get in contact with us via a form on this page, our live chat or via email with content@seibert.group if you are in doubt, have a question, suggestion, or want changes from us.