Single Sign-On
A Brief Analysis of the Principle and Use of Single Sign-On in C# - 农码一生 - 博客园 (cnblogs.com)
What does SSO mean?
SSO stands for Single Sign-On. It is a technology that allows users to log in to multiple applications and services using a single set of credentials (such as a username and password) and without having to re-authenticate for each application or service. SSO is commonly used in enterprise environments to simplify the login process for users who need to access multiple systems and applications. By providing a unified authentication mechanism, SSO can also improve security by reducing the need for users to remember multiple sets of login credentials.
Does it mean SSO is based on the same domain?
No, SSO (Single Sign-On) is not necessarily limited to the same domain. It refers to a mechanism that allows a user to authenticate once and then access multiple applications or systems without having to provide their credentials again. This can include applications and systems that are hosted on different domains, as long as they are configured to recognize the same authentication credentials.
For example, a user might sign in to a company's internal authentication system and then be able to access various applications and systems, including ones that are hosted on different domains or by third-party providers, without having to sign in again. This is the essence of SSO: one set of login credentials can be used to access multiple systems, regardless of their location or domain.
How does SSO work?
SSO, or Single Sign-On, is a mechanism that allows users to access multiple applications or services with a single set of login credentials.
In a typical SSO scenario, a user logs in to an identity provider (IDP) with their username and password, and the IDP generates a token that contains information about the user's identity. This token is then used to authenticate the user with various applications or services that are configured to trust the IDP.
When the user attempts to access an application, the application redirects the user's browser to the IDP's login page. After the user successfully logs in to the IDP, the IDP sends the token to the application, which uses it to validate the user's identity and grant access to the requested resource.
There are several different protocols and technologies that can be used to implement SSO, including SAML (Security Assertion Markup Language), OpenID Connect, OAuth, and Kerberos. Each has its own strengths and weaknesses, and the choice of protocol will depend on the specific requirements of the application and the underlying IT infrastructure.
Give a sample of SSO that uses a Google account to log in to Facebook
While it is not possible to use Google accounts to directly log into Facebook due to the two services being separate entities with their own authentication mechanisms, it is possible to use SSO to allow users to log in to both services with a single set of credentials.
Here's a sample scenario:
- User navigates to Facebook and clicks on the "Log in with Google" button.
- Facebook redirects the user to the Google login page, where the user enters their Google credentials.
- Google verifies the user's credentials and generates an authentication token.
- Google redirects the user back to Facebook, passing the authentication token along with the redirect.
- Facebook receives the authentication token from Google and verifies it.
- If the authentication token is valid, Facebook creates a session for the user and logs them in.
This process can be made more seamless by using protocols like OpenID Connect or SAML, which allow for the exchange of authentication tokens between different services without requiring the user to enter their credentials multiple times.
How could Facebook be able to verify the authentication token from Google?
Facebook would typically act as a relying party in this scenario. When a user logs into Facebook using their Google account, Facebook would receive an authentication token from Google indicating that the user has been authenticated. Facebook would then need to validate the authentication token to ensure that it is legitimate and has not been tampered with.
To validate the authentication token, Facebook would need to communicate with Google's authorization server. This would typically be done using the OAuth 2.0 protocol. The authentication token would be sent to Google's authorization server, along with a request for validation. Google's authorization server would then return a response indicating whether the authentication token is valid or not.
Facebook would need to ensure that the request to validate the authentication token is sent securely, and that the response is received securely as well. Typically, this would involve using SSL/TLS encryption to secure the communication between Facebook and Google's authorization server.
Author: Chuck Lu GitHub