Single Sign-On
Enabling biometric single sign-on to web applications
Benefits
Why would you want to implement single sign-on in your environment?
It is a reality for any CIO or information systems manager that organisations are using an increasing number of web applications, many of which will be externally hosted in the cloud. Users expect to be able to access these applications from anywhere, anytime, on any device, and with one identity.
This is where Single Sign-on (SSO) is at its best, and it promises great benefits for the organisation:
- Increase employee productivity: Sign on just once, and access all applications without having to re-enter credentials.
- Reduce support calls: Users with just one password to access all their apps won’t require assistance as often.
- Improve user experience: Since there is no need to hop between multiple login URLs, or reset passwords, users save time for every login.
- Mitigate security risks: Employees can use their SSO login credentials on any device, in any web browser, without introducing security risks.
- Since users only need to remember one password for multiple applications, they are more likely to create a stronger (harder to guess) passphrase, and less likely to write it down. These best practices reduce the risk of password theft.
- More passwords, more problems. If customers have a hard time signing in, they will leave your site or app before you can convince them.
Planning Single Sign-On
For the IT team, planning and implementing Single Sign-on for an organisation is an undertaking that affects many disciplines within the organisation, and it is potentially complex and disruptive.
While the end goal promises great benefits, the process to get there requires a great deal of coordination between several parts of the organisation and, most often, external stakeholders.
Enable applications to participate in SSO
A key step in the process of implementing Single Sign-on is to enable applications to participate in the SSO ecosystem. Many existing third-party applications will readily support SSO using SAML 2.0 or OpenID Connect 1.0. Your in-house applications may first have to be made ready to participate in an SSO ecosystem. This may involve significant changes to the application.
This is where Alcazar Single client enablement comes in. The Alcazar Single client enablement framework supports ASP.NET and ASP.NET Core Razor applications.
Enabling your web application to participate in a single sign-on ecosystem is a matter of a few simple steps:
- Reference the `Single.Web.Client` NuGet package.
This assembly contains Razor controllers required to configure your client application to become an authentication client for SAML or OIDC.
- Add menu items to make configuration pages available to the user.
If you use the menu generator of Alcazar ASP.NET One, you can use a simple menu definition.
Otherwise, create your menu so that the user can access the referenced controller actions.
- Include one of the single sign-on authentication schemes (`Saml2`, `Oidc1`) in your application configuration.
- Use the configuration pages to create the `SAML` service provider or `OIDC` relying party configuration.
This will create the required metadata and configuration for your application to participate in the SSO ecosystem.
- Establish mutual trust between your application and the authentication server. This is done by exchanging metadata between the authentication server and your application.