{"id":988,"date":"2022-11-17T17:04:46","date_gmt":"2022-11-17T11:34:46","guid":{"rendered":"https:\/\/www.techandtrain.com\/blog\/?p=988"},"modified":"2025-10-22T14:53:53","modified_gmt":"2025-10-22T09:23:53","slug":"sso-single-sign-on-notes-part-1","status":"publish","type":"post","link":"https:\/\/www.techandtrain.com\/blog\/2022\/11\/sso-single-sign-on-notes-part-1\/","title":{"rendered":"SSO (Single Sign on) Notes &#8211; Part 1"},"content":{"rendered":"\n<p>With so many products, technologies, protocols and options, SSO (Single Sign on) discussions can sometimes be confusing. Here is my effort to clarify SSO by explaining the layers in it.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Types of SSO &#8211; System \/ operating system based or browser based. There are finer distinctions here, but part 1 of the blog covers only these two basic types<\/li>\n\n\n\n<li>Identity provider &#8211; This is the layer which provides the identity and other details of the user. Think of this as a protocol method \/ function call to assets behind the scenes. Both this layer and the service provider act as methods \/ functions \/ flow points \/ events in the full flow of SSO. Most of the time, this layer interacts with user stores in the backend to get details about users<\/li>\n\n\n\n<li>Service provider &#8211; This is the layer that presents the user with the business application, like Liferay and so on, by providing features like redirects, discovery of the identity provider and so on. 
Note: applications like Liferay can act both as identity provider &amp; service provider with SAML<\/li>\n\n\n\n<li>SSO technology products &#8211; PicketLink, ADFS (Active Directory Federation Services), Okta, Auth0, Ping Identity, SiteMinder, Shibboleth and so on<\/li>\n\n\n\n<li>Protocols: NTLM (Deprecated), SAML, Kerberos, OpenID and so on<\/li>\n\n\n\n<li>Customizations, configurations in applications like web.xml, XMLs, login screens, redirects, tokens, claims and so on along with their application servers<\/li>\n<\/ul>\n\n\n\n<p>Thinking in terms of layers &amp; flows between these concepts helps us to understand and work in a better way with SSO solutions.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><a href=\"https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2022\/11\/Saml2-browser-sso-redirect-post.png?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"993\" data-permalink=\"https:\/\/www.techandtrain.com\/blog\/2022\/11\/sso-single-sign-on-notes-part-1\/saml2-browser-sso-redirect-post\/\" data-orig-file=\"https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2022\/11\/Saml2-browser-sso-redirect-post.png?fit=800%2C566&amp;ssl=1\" data-orig-size=\"800,566\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Saml2-browser-sso-redirect-post\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2022\/11\/Saml2-browser-sso-redirect-post.png?fit=800%2C566&amp;ssl=1\" 
src=\"https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2022\/11\/Saml2-browser-sso-redirect-post.png?resize=802%2C567&#038;ssl=1\" alt=\"\" class=\"wp-image-993\" width=\"802\" height=\"567\" srcset=\"https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2022\/11\/Saml2-browser-sso-redirect-post.png?w=800&amp;ssl=1 800w, https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2022\/11\/Saml2-browser-sso-redirect-post.png?resize=300%2C212&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2022\/11\/Saml2-browser-sso-redirect-post.png?resize=768%2C543&amp;ssl=1 768w\" sizes=\"auto, (max-width: 802px) 100vw, 802px\" \/><\/a><figcaption class=\"wp-element-caption\">https:\/\/commons.wikimedia.org\/wiki\/File:Saml2-browser-sso-redirect-post.png <\/figcaption><\/figure>\n\n\n\n<p>References:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>https:\/\/en.wikipedia.org\/wiki\/Single_sign-on<\/li>\n<\/ul>\n\n\n\n<p>Email me: Neil@HarwaniSystems.in<\/p>\n","protected":false},"excerpt":{"rendered":"<p>With so many products, technologies, protocols and options &#8211; SSO (Single Sign on) discussions can sometimes confuse many. 
Here is [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":989,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[201],"tags":[243],"class_list":["post-988","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-iam-sso","tag-single-sign-on"],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2022\/11\/SSO.jpg?fit=1920%2C711&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7do02-fW","jetpack-related-posts":[{"id":844,"url":"https:\/\/www.techandtrain.com\/blog\/2022\/03\/keywords-for-identity-access-management-plus-single-sign-on-with-links-from-liferay-ecosystem-part-1\/","url_meta":{"origin":988,"position":0},"title":"Keywords for Identity &#038; Access Management plus Single Sign on with links from Liferay ecosystem &#8211; Part 1","author":"Neil Harwani","date":"March 4, 2022","format":false,"excerpt":"Keywords in the identity & access management space along with single sign on: Active DirectoryLDAPOAuthKerberosOpenIDSAMLCASSeamless loginShibbolethIAMSSOJWTIdentity providerService providerMFATFAPrincipalIdentity synchronizationIdentity lifecycle managementEntitlementAuthorizationAuthenticationFederated identityB2B & B2C Links from Liferay documentation for above: 
https:\/\/learn.liferay.com\/dxp\/latest\/en\/installation-and-upgrades\/securing-liferay\/configuring-sso.htmlhttps:\/\/learn.liferay.com\/dxp\/latest\/en\/installation-and-upgrades\/securing-liferay.htmlhttps:\/\/learn.liferay.com\/dxp\/latest\/en\/headless-delivery\/using-oauth2\/creating-oauth2-applications.htmlhttps:\/\/help.liferay.com\/hc\/en-us\/articles\/360033738332-Authenticating-Using-SAMLhttps:\/\/help.liferay.com\/hc\/en-us\/articles\/360026505211-Authenticating-with-Kerberoshttps:\/\/www.liferay.com\/resources\/whitepapers\/Identity+Management+in+Liferay+DXPhttps:\/\/help.liferay.com\/hc\/en-us\/articles\/360018176491-OAuth-2-0https:\/\/en.wikipedia.org\/wiki\/Identity_management Email me: Neil@HarwaniSystems.in","rel":"","context":"In &quot;IAM-SSO&quot;","block_context":{"text":"IAM-SSO","link":"https:\/\/www.techandtrain.com\/blog\/category\/iam-sso\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2022\/03\/Startup.jpg?fit=1200%2C800&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2022\/03\/Startup.jpg?fit=1200%2C800&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2022\/03\/Startup.jpg?fit=1200%2C800&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2022\/03\/Startup.jpg?fit=1200%2C800&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2022\/03\/Startup.jpg?fit=1200%2C800&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":950,"url":"https:\/\/www.techandtrain.com\/blog\/2022\/08\/cyber-security-keywords-concepts-part-1\/","url_meta":{"origin":988,"position":1},"title":"Cyber Security Keywords &#038; Concepts &#8211; Part 1","author":"Neil Harwani","date":"August 28, 2022","format":false,"excerpt":"Here is a list of keywords & concepts in Cyber Security that technology 
professionals should be aware of. This is part 1 of the series. CSPXSSISO 27001OWASPEncoding \/ decodingEncryption and it's typesCSRFCORSHashingAuthenticationAuthorizationIAMSSOSAMLOAuthTokensHTTPS \/ SSLDOS \/ DDOSBackdoorMalwareSecure codingThreats, Vulnerabilities, Controls & MitigationVAPTSocial EngineeringSpoofingProxy serversPhishingSQL injectionBuffer overflowViruses, Worms, Keyloggers, SpywaresIdentity theftRootKitsZero DayVPN\u2026","rel":"","context":"In &quot;Cyber Security&quot;","block_context":{"text":"Cyber Security","link":"https:\/\/www.techandtrain.com\/blog\/category\/cyber-security\/"},"img":{"alt_text":"Credit: www.Pixabay.com","src":"https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2022\/08\/CyberSecurity.jpg?fit=1200%2C675&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2022\/08\/CyberSecurity.jpg?fit=1200%2C675&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2022\/08\/CyberSecurity.jpg?fit=1200%2C675&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2022\/08\/CyberSecurity.jpg?fit=1200%2C675&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2022\/08\/CyberSecurity.jpg?fit=1200%2C675&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":1138,"url":"https:\/\/www.techandtrain.com\/blog\/2023\/10\/general-checklist-for-performance-tuning-go-live-in-java-part-1\/","url_meta":{"origin":988,"position":2},"title":"General checklist for performance tuning &amp; go-live in Java &#8211; Part 1","author":"Neil Harwani","date":"October 11, 2023","format":false,"excerpt":"Here is a general checklist for performance tuning & go-live in Java - Part 1: Servers: CPU, Memory, Threads, Network configurations, page size, hardening and more JVM: MBeans, Security, Garbage collection type and settings, Arguments, Heap, 
Version, Core allotment, Generations and more App server: Thread pool, JDBC\/JNDI, Type of connection\u2026","rel":"","context":"In &quot;Java&quot;","block_context":{"text":"Java","link":"https:\/\/www.techandtrain.com\/blog\/category\/java\/"},"img":{"alt_text":"Credits: www.Pixabay.com","src":"https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2023\/10\/Blue-Angels.jpg?fit=1200%2C675&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2023\/10\/Blue-Angels.jpg?fit=1200%2C675&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2023\/10\/Blue-Angels.jpg?fit=1200%2C675&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2023\/10\/Blue-Angels.jpg?fit=1200%2C675&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2023\/10\/Blue-Angels.jpg?fit=1200%2C675&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":1132,"url":"https:\/\/www.techandtrain.com\/blog\/2023\/09\/what-you-should-not-be-doing-in-liferay-part-1\/","url_meta":{"origin":988,"position":3},"title":"What you should not be doing in Liferay &#8211; Part 1","author":"Neil Harwani","date":"September 30, 2023","format":false,"excerpt":"Here is a list of what you should not be doing in Liferay - Part 1 and also what you should be doing written right next to it in place of the wrong things: Write JDBC calls in portlets. Avoid JDBC calls in portlets. 
Please explore expando, service builder, dynamic\u2026","rel":"","context":"In &quot;Liferay&quot;","block_context":{"text":"Liferay","link":"https:\/\/www.techandtrain.com\/blog\/category\/liferay\/"},"img":{"alt_text":"Credit: www.Pixabay.com","src":"https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2023\/09\/caution-943376_1280.png?fit=1200%2C800&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2023\/09\/caution-943376_1280.png?fit=1200%2C800&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2023\/09\/caution-943376_1280.png?fit=1200%2C800&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2023\/09\/caution-943376_1280.png?fit=1200%2C800&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2023\/09\/caution-943376_1280.png?fit=1200%2C800&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":1070,"url":"https:\/\/www.techandtrain.com\/blog\/2023\/05\/how-to-take-knowledge-transfer-in-a-discussion-for-liferay-engagement-part-1\/","url_meta":{"origin":988,"position":4},"title":"How to take knowledge transfer in a discussion for Liferay engagement &#8211; Part 1","author":"Neil Harwani","date":"May 17, 2023","format":false,"excerpt":"Here is a list of points which will help in taking a knowledge transfer for a Liferay engagement - Part 1: 1. Check which products of Liferay are in use: DXP, Commerce, Analytics and \/ or Cloud LXC 2. 
Take the list of osgi\/configs & osgi\/modules to get configurations of\u2026","rel":"","context":"In &quot;Liferay&quot;","block_context":{"text":"Liferay","link":"https:\/\/www.techandtrain.com\/blog\/category\/liferay\/"},"img":{"alt_text":"Credits: www.Pixabay.com","src":"https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2023\/05\/fantasy-g5314dd315_1920.jpg?fit=1200%2C910&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2023\/05\/fantasy-g5314dd315_1920.jpg?fit=1200%2C910&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2023\/05\/fantasy-g5314dd315_1920.jpg?fit=1200%2C910&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2023\/05\/fantasy-g5314dd315_1920.jpg?fit=1200%2C910&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2023\/05\/fantasy-g5314dd315_1920.jpg?fit=1200%2C910&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":825,"url":"https:\/\/www.techandtrain.com\/blog\/2022\/02\/keywords-to-search-on-liferay-part-1\/","url_meta":{"origin":988,"position":5},"title":"Keywords to search on Liferay &#8211; Part 1","author":"Neil Harwani","date":"February 19, 2022","format":false,"excerpt":"Searching these keywords on Liferay will keep you updated on what's happening in the ecosystem. Add \"Liferay\" in-front of these keywords & search the same. It's a mix of technical & functional \/ product feature topics. This is Part-1 of the series. 
Module loaderMVC portletLoggingUpgradePatch toolSearch filterHot fixesService packsSearch experiencesObjectsCommerceService\u2026","rel":"","context":"In &quot;Liferay&quot;","block_context":{"text":"Liferay","link":"https:\/\/www.techandtrain.com\/blog\/category\/liferay\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2022\/02\/Liferay.png?fit=594%2C209&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2022\/02\/Liferay.png?fit=594%2C209&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.techandtrain.com\/blog\/wp-content\/uploads\/2022\/02\/Liferay.png?fit=594%2C209&ssl=1&resize=525%2C300 1.5x"},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/www.techandtrain.com\/blog\/wp-json\/wp\/v2\/posts\/988","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.techandtrain.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.techandtrain.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.techandtrain.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.techandtrain.com\/blog\/wp-json\/wp\/v2\/comments?post=988"}],"version-history":[{"count":5,"href":"https:\/\/www.techandtrain.com\/blog\/wp-json\/wp\/v2\/posts\/988\/revisions"}],"predecessor-version":[{"id":996,"href":"https:\/\/www.techandtrain.com\/blog\/wp-json\/wp\/v2\/posts\/988\/revisions\/996"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.techandtrain.com\/blog\/wp-json\/wp\/v2\/media\/989"}],"wp:attachment":[{"href":"https:\/\/www.techandtrain.com\/blog\/wp-json\/wp\/v2\/media?parent=988"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.techandtrain.com\/blog\/wp-json\/wp\/v2\/categories?post=988"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.techandtrain.com\/blog\/wp-json\/wp
\/v2\/tags?post=988"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}