In today's digital era of internet and cloud computing, usability and security are extremely important. Swift interaction on
the internet is, however, often compromised by the need to enter usernames and passwords frequently. To prevent users from having
to authenticate frequently, services can be provided with Single Sign-On (SSO). There are several SSO protocols available, all of which have
different properties. This paper provides a comparison of these protocols based on their suitability and security. The comparison should
help in choosing a protocol and building an SSO service. Information about several SSO protocols is gathered. The protocols compared on their
properties and functionality are OpenID Connect, SAML and LDAP. This paper focuses on performing a security analysis of these
protocols and recommends the better protocol for implementing a single sign-on service. It turned out that SAML is used most often.
SAML is a commonly used protocol with a security vulnerability in its implementation, while OpenID Connect is the fastest
growing protocol. The LDAP protocol was built for server SSO in a local network and not for web applications, and LDAP is also the
least well-known protocol. Both LDAP and SAML are becoming outdated, whereas OpenID Connect is new, web oriented and used by
many leading companies such as Google, Yahoo and Facebook. OpenID Connect offers authentication and authorization. It uses modern
standards and has a growing community. Because of this, OpenID Connect is the best protocol with which to build SSO.
Published In: IJCSN Journal Volume 8, Issue 2
Date of Publication: April 2019
Pages: 138-143
Figures: 05
Tables: 01
R. Rackymuthu:
B.Sc., M.Sc., pursuing M.Phil
in Department of Computer Science,
Government Arts College, Coimbatore - 641 018.
V.B. Buvaneswari:
(Educational Qualification) Assistant Professor,
Department of Computer Science,
Government Arts College (Autonomous),
Coimbatore - 641 018.
OIDC, SAML, LDAP, SSO, XML
OpenID Connect is the newest protocol (2014), and LDAP
is the oldest (1993). Because LDAP was released when the
internet was still in its infancy, its focus is not on web
applications but on communication between the servers of an
enterprise. SAML and OpenID Connect both offer
authentication and authorization, and both focus on the
web. This means that they use protocols and notations in
their communications that are supported by the web, that
they are lightweight and that they also support SSO across
multiple domains. The SAML protocol has a major
implementation problem known as the XML Wrapping Attack,
which gives intruders a chance to alter messages.
OIDC is therefore the best choice with respect to this problem.
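As an added illustration of the XML wrapping problem named above (not code from the paper), the following structural check can be run by a service provider before it reads identity data from a SAML response. It assumes signature verification itself is done separately by an XML-DSig library; the function names and the sample responses are constructed for this example.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
DSIG = "{http://www.w3.org/2000/09/xmldsig#}"

def signed_assertion(response_xml):
    """Return the one Assertion the signature Reference covers, or raise ValueError.
    Structural check only: verifying the signature value is assumed to be done
    by an XML-DSig library on the same parsed tree."""
    root = ET.fromstring(response_xml)  # use a hardened parser for untrusted input
    ids = [el.get("ID") for el in root.iter() if el.get("ID")]
    if len(ids) != len(set(ids)):
        raise ValueError("duplicate ID: reference target is ambiguous")
    assertions = list(root.iter(SAML + "Assertion"))
    if len(assertions) != 1 or assertions[0] not in list(root):
        raise ValueError("need exactly one Assertion, directly under Response")
    assertion = assertions[0]
    refs = assertion.findall(f"{DSIG}Signature/{DSIG}SignedInfo/{DSIG}Reference")
    if len(refs) != 1 or not assertion.get("ID") \
            or refs[0].get("URI") != "#" + assertion.get("ID"):
        raise ValueError("signature does not cover the Assertion being consumed")
    return assertion

def name_id(response_xml):
    """Read the subject only from the assertion that passed the check above."""
    return signed_assertion(response_xml).findtext(f"{SAML}Subject/{SAML}NameID")

def is_rejected(response_xml):
    """True when the response shape leaves room for signature wrapping."""
    try:
        signed_assertion(response_xml)
        return False
    except ValueError:
        return True

def _response(body):  # constructed sample data, not captured traffic
    return ('<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:s="urn:oasis:names:tc:SAML:2.0:assertion" '
            'xmlns:d="http://www.w3.org/2000/09/xmldsig#" ID="r1">' + body + '</p:Response>')

SIGNED = ('<s:Assertion ID="a1"><d:Signature><d:SignedInfo><d:Reference URI="#a1"/>'
          '</d:SignedInfo></d:Signature>'
          '<s:Subject><s:NameID>alice@example.org</s:NameID></s:Subject></s:Assertion>')
UNSIGNED = ('<s:Assertion ID="a2"><s:Subject><s:NameID>bob@example.org</s:NameID>'
            '</s:Subject></s:Assertion>')

GOOD = _response(SIGNED)                   # one assertion, covered by its signature
TWO_ASSERTIONS = _response(UNSIGNED + SIGNED)  # signed data and consumed data can differ
```

The point of the check is that the element whose signature was verified and the element the application reads must be the same node; a response in which they can differ is refused rather than interpreted.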