Pros

  • Works well with existing infrastructure.
  • Provides SSO for Google Apps and most other SaaS applications.
  • Keeps the user's credentials with the partner's identity provider; Google never handles the password.

Cons

  • Hard to deploy where a service provider or vendor does not support SAML.
  • Possible incompatibilities when rolling out SSO across a large number of applications at once.

Security Assertion Markup Language (SAML) is an XML standard that lets secure web domains exchange user authentication and authorization data. Google Apps offers a SAML-based Single Sign-On (SSO) service that gives partner companies full control over the authentication and authorization of the hosted user accounts that access web applications such as Gmail or Google Docs.

Google SSO Technique

In the SAML model, Google partners act as identity providers: they control the usernames, passwords and other profile information used to identify, authenticate and authorize users of Google-hosted applications. Google acts as the service provider and offers services such as Google Docs, Google Calendar, Gmail and Start Pages.

Applicability

Note that Single Sign-On applies only to web applications. If you want users to reach Google applications from a desktop client such as Microsoft Outlook, that client only gets POP access, so you must still give those users working passwords and keep them synchronized with your internal user database through the provisioning API.

SSO’s SAML Platform

Google Apps Single Sign-On is based on the SAML v2.0 specification, which almost all major vendors support.

How Does a Google SSO Login URL Work?

This section walks through a login to hosted Google Apps through a partner-operated Single Sign-On service.

SAML Transaction Steps in Google SSO Login

  1. The user tries to open the login page of a hosted Google Apps service such as Gmail or Google Docs.
  2. Google generates a SAML authentication request and embeds it in the URL of the partner's Single Sign-On (SSO) service.
  3. Google sends a redirect to the user's browser. The redirect URL carries the encoded SAML authentication request, which the browser submits to the partner's SSO service.
  4. The partner decodes the SAML request and extracts from it both the URL of Google's Assertion Consumer Service (ACS) and the user's destination URL. The partner then authenticates the user by its own means.
  5. The partner generates a SAML response containing the authenticated user's username and signs it with its private RSA or DSA key; Google holds the matching public key.
  6. The partner encodes the SAML response and the RelayState parameter and returns them to the user's browser together with a mechanism for forwarding them to Google's ACS. For example, the partner can place the destination URL and the SAML response in a form and add JavaScript to the page that submits the form to Google automatically, or it can show a button the user clicks to submit the form.
  7. Google's ACS verifies the signature on the SAML response with the partner's public key. If verification succeeds, the ACS redirects the user to the destination URL.
  8. The user lands on the requested Google Apps page, logged in to his account.
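The eight steps above, played out by both parties in one program, as an added example (not Google's or any partner's code). The endpoint URLs, the entity IDs, the user alice@example.com and the function names BuildRedirect, IdPHandle, ACSHandle and NewPartnerKey are all assumptions for the example; the ACS path in particular is a placeholder, not a documented Google URL. The XML is a minimal subset of the real AuthnRequest and Response, the HTTP-Redirect binding's DEFLATE step is omitted, and the partner's RSA signature travels in its own form field instead of the enveloped XML-DSig a real Response carries. What the example adds to the step list is the checks the ACS has to make before it trusts the response: signature first, then that the response is addressed to this ACS, answers a request Google actually issued and has not been replayed, and is still within its validity window.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/xml"
	"fmt"
	"net/url"
	"time"
)

// Constructed endpoints; the ACS path is an assumption, not a documented Google URL.
const (
	IdPSSOURL = "https://sso.partner.example/saml2/sso"    // the partner's SSO service (step 3)
	SPACSURL  = "https://www.google.com/a/example.com/acs" // Google's Assertion Consumer Service
)

// Minimal subsets of the SAML 2.0 messages (real ones carry samlp:/saml: prefixes and an enveloped XML-DSig).
type AuthnRequest struct {
	XMLName     xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol AuthnRequest"`
	ID          string   `xml:"ID,attr"`
	Destination string   `xml:"Destination,attr"`
	ACSURL      string   `xml:"AssertionConsumerServiceURL,attr"`
}

type Response struct {
	XMLName      xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol Response"`
	InResponseTo string   `xml:"InResponseTo,attr"`
	Destination  string   `xml:"Destination,attr"`
	NameID       string   `xml:"Assertion>Subject>NameID"`
	Conditions   struct {
		NotOnOrAfter string `xml:"NotOnOrAfter,attr"`
	} `xml:"Assertion>Conditions"`
}

// decode reverses the base64 step and parses the XML into v, returning the raw bytes a signature covers.
func decode(b64 string, v any) ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return nil, err
	}
	return raw, xml.Unmarshal(raw, v)
}

// BuildRedirect is the SP (Google) side of steps 2-3: encode the AuthnRequest into the redirect URL
// and remember its random ID so the ACS can later match the reply to a request Google issued.
func BuildRedirect(relayState string, pending map[string]bool) *url.URL {
	id := make([]byte, 16)
	rand.Read(id)
	req := AuthnRequest{ID: fmt.Sprintf("_%x", id), Destination: IdPSSOURL, ACSURL: SPACSURL}
	raw, _ := xml.Marshal(req) // cannot fail for this fixed struct of strings
	pending[req.ID] = true
	u, _ := url.Parse(IdPSSOURL)
	u.RawQuery = url.Values{"SAMLRequest": {base64.StdEncoding.EncodeToString(raw)}, "RelayState": {relayState}}.Encode()
	return u
}

// IdPHandle is the partner side of steps 4-6: decode the request, refuse to post an assertion to an ACS
// it does not know, and return the fields of the auto-submitted POST form (signature in its own field).
func IdPHandle(u *url.URL, user string, trustedACS map[string]bool, priv *rsa.PrivateKey) (map[string]string, error) {
	var req AuthnRequest
	if _, err := decode(u.Query().Get("SAMLRequest"), &req); err != nil {
		return nil, err
	}
	if req.Destination != IdPSSOURL || !trustedACS[req.ACSURL] {
		return nil, fmt.Errorf("request not for this SSO service or names an unknown ACS")
	}
	// step 4: the partner authenticates the user against its own directory here, then asserts the result
	resp := Response{InResponseTo: req.ID, Destination: req.ACSURL, NameID: user}
	resp.Conditions.NotOnOrAfter = time.Now().Add(5 * time.Minute).UTC().Format(time.RFC3339)
	out, _ := xml.Marshal(resp) // cannot fail for this fixed struct of strings
	digest := sha256.Sum256(out)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:]) // the private key signs
	if err != nil {
		return nil, err
	}
	return map[string]string{"action": req.ACSURL, "RelayState": u.Query().Get("RelayState"),
		"SAMLResponse": base64.StdEncoding.EncodeToString(out),
		"Signature":    base64.StdEncoding.EncodeToString(sig)}, nil
}

// ACSHandle is the SP side of steps 7-8: verify the partner's signature before acting on any field, then
// check destination, that the response answers a request we issued (exactly once), and expiry.
func ACSHandle(form map[string]string, pub *rsa.PublicKey, pending map[string]bool) (string, string, error) {
	var resp Response
	raw, err := decode(form["SAMLResponse"], &resp)
	sig, err2 := base64.StdEncoding.DecodeString(form["Signature"])
	digest := sha256.Sum256(raw)
	if err != nil || err2 != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return "", "", fmt.Errorf("signature verification failed") // the partner's public key verifies
	}
	exp, err := time.Parse(time.RFC3339, resp.Conditions.NotOnOrAfter)
	if resp.Destination != SPACSURL {
		return "", "", fmt.Errorf("response not addressed to this ACS")
	}
	if !pending[resp.InResponseTo] {
		return "", "", fmt.Errorf("unsolicited or replayed response")
	}
	if err != nil || !time.Now().Before(exp) {
		return "", "", fmt.Errorf("assertion expired")
	}
	delete(pending, resp.InResponseTo) // consume the request ID so a second submit of the same form is a replay
	return resp.NameID, form["RelayState"], nil // logged in; the browser is sent to the RelayState destination
}

// NewPartnerKey generates the partner's signing key; a real deployment registers its public half with Google.
func NewPartnerKey() *rsa.PrivateKey {
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	return k
}
```

Driving the flow is BuildRedirect, then IdPHandle on the resulting URL, then ACSHandle on the form it returns; submitting the same form twice fails at the InResponseTo check, and a response signed by any key other than the registered partner key fails before any field is read. In a real deployment the signature is an enveloped XML-DSig over the canonicalised Response or Assertion and must be checked with an XML-Signature library; the order of checks shown here is the part that carries over.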