
  Effective Comparison of Single Sign-On Protocols  
  Authors : R Rackymuthu; V B Buvaneswari

 

In today's digital era of internet and cloud computing, usability and security are both extremely important. Swift interaction on the internet is, however, often compromised by the need to enter usernames and passwords frequently. To spare users from authenticating repeatedly, services can be provided with Single Sign-On (SSO). Several SSO protocols are available, each with different properties. This paper compares these protocols based on their suitability and security; the comparison should help in deciding on and building an SSO protocol. Information about several SSO protocols was gathered. The protocols compared, namely OpenID Connect, SAML and LDAP, are assessed on their properties and functionality. The paper focuses on a security analysis of these protocols and recommends a better protocol for implementing a single sign-on service. It turned out that SAML is used most often; it is a commonly used protocol with a security vulnerability in the implementation. OpenID Connect, however, is the fastest-growing protocol. LDAP was built for server SSO in a local network, not for web applications, and it is also the least well-known protocol. Both LDAP and SAML are becoming outdated, whereas OpenID Connect is new, web-oriented and used by many leading companies such as Google, Yahoo and Facebook. OpenID Connect offers authentication and authorization, uses modern standards and has a growing community. Because of this, OpenID Connect is the best protocol with which to build SSO.

 

Published In : IJCSN Journal Volume 8, Issue 2

Date of Publication : April 2019

Pages : 138-143

Figures : 05

Tables : 01

 

R. Rackymuthu : B.Sc., M.Sc., pursuing M.Phil. in the Department of Computer Science, Government Arts College, Coimbatore - 641 018.

V.B.Buvaneswari : (Educational Qualification) Assistant Professor, Department of Computer Science, Government Arts College (Autonomous), Coimbatore - 641 018.

 

OIDC, SAML, LDAP, SSO, XML

OpenID Connect is the newest protocol (2014), and LDAP is the oldest (1993). Because LDAP was released when the internet was still in its infancy, its focus is not on web applications but on communication between the servers of an enterprise. SAML and OpenID Connect both offer authentication and authorization, and both focus on the web. This means that they use protocols and notations in their communications that are supported by the web, that they are lightweight, and that they also support SSO across multiple domains. The SAML protocol has a major implementation problem, the XML Wrapping Attack, which gives intruders a chance to alter messages. OIDC is therefore the best choice with respect to this problem.

 
