Federated Identity Management
If you’re studying for one of the security certifications such as CISSP, SSCP, or Security+ it’s important to understand single sign-on (SSO) concepts and federated access.
SSO refers to the ability of a user to log on or access multiple systems by providing credentials only once. It enhances security by requiring users to use and remember only one set of credentials for authentication. Once signed on using SSO, this one set of credentials is used throughout a user’s entire session.
Pass the Security+ exam the first time you take it.
CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
Kerberos
Kerberos is an authentication protocol commonly used to help support SSO in many networks. When users authenticate, a Key Distribution Center (KDC) issues the user an encrypted time-stamped ticket-granting ticket (TGT). The TGT is cached on the user’s system and normally has a lifetime of 10 hours but can be renewed. Kerberos uses symmetric cryptography to encrypt tickets and in most current implementations it uses Advanced Encryption Standard (AES). The KDC is also referred to as an authentication server (AS) or sometimes as a Kerberos authentication server (KAS).
When the user later wants to access a resource such as a file on a server, the user’s system submits the TGT with a request to access the resource. The KDC validates the TGT and sends the user a ticket (sometimes called a service ticket) for the resource. The user’s system then submits this ticket to the host of the resource (in this case the file server) with a request to access the resource. The host checks with the KDC to ensure that the ticket is valid and if so, allows access as long as the user is authorized.
Kerberos requires all systems to be time synchronized and the default in version 5 is for all systems to be within five minutes of each other. If a system is more than five minutes off, the KDC won’t issue a TGT or any other tickets, effectively blocking all non-anonymous access on a network. It uses a database of credentials to authenticate users and uses port 88 by default.
A drawback with Kerberos is that it represents a single point of failure. If the KDC fails, all authentication stops. Additionally, if the KDC is compromised, all credentials are compromised.
 | Pass the First Time! |
Up-to-date Content
New multiple-choice and performance-based questions added regularly
Pass the first time with quality practice test questions, performance-based questions, flashcards, and audio.Buy The Full Access Study Package Today
60 Days Access
Need more time? You can easily renew for another 60 days at a significantly reduced price.
All materials are available online shortly after making your payment.
Get the Security+ Full Access Study Package Here
Our online Security+ study materials are the perfect complement to the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. They can also be used to help ensure you’re ready no matter what study guide you’re using.
This exam is expensive.
Make sure you’re ready before exam day.
Here’s what you’ll get:- All of the multiple-choice questions from the best-selling CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. See a demo here. All questions have full explanations so you’ll know why the correct answers are correct and why the incorrect answers are incorrect.
- Over 40 new multiple-choice questions we’ve added after publishing the study guide.
- Over 30 performance-based questions. See a demo here.
- All of the flashcards from the study guide. View them in any Web browser.
- All of the audio from the study guide. Listen to a sample here.
- Access to a free discount code for 10% off your Security+ voucher.
Buy The Full Access Study Package Today
60 Days Access
All materials are available online shortly after making your payment.
Studying SSCP? This book covers the new objectives effective Feb 1, 2012.
SSCP Systems Security Certified Practitioner All-in-One Exam Guide
SSO and Federated Identity Management
Identity management refers to the management of user identities and their credentials. For example, usernames and passwords are stored in a database that can be accessed by Kerberos to authenticate users. Users claim an identity and prove their identity by authenticating, such as with a password. In federated identity management, organizations join a group of organizations called a federation. All the organizations within the federation agree on a method to share identities between the organizations.
Once the federation is configured, users are able to log on one time within their organization and then access resources in other organizations without logging on again. This is usually transparent to the user.
As an example, I have worked in an organization where we logged on with smart cards. We had access to training sites hosted by other organizations but part of a federated identity management system. All we had to do was access the web site using a web browser, and our credentials were automatically recognized without requiring us to take any additional steps.
One of the biggest challenges is being able to share identity information between organizations in the federation. A common way this is done is with the Service Provisioning Markup Language (SPML). SPML is an extension of Extensible Markup Language (XML) which is used to describe data.
In summary, SSO methods can increase security by reducing the number of passwords users must remember. Federated access allows an organization to share identities between different organizations in a common group, or federation of organizations.
Master Security+ Performance Based Questions Video
| Pass the First Time! |
Up-to-date Content
New multiple-choice and performance-based questions added regularly
Pass the first time with quality practice test questions, performance-based questions, flashcards, and audio.Buy The Full Access Study Package Today
60 Days Access
Need more time? You can easily renew for another 60 days at a significantly reduced price.
All materials are available online shortly after making your payment.
Get the Security+ Full Access Study Package Here
Our online Security+ study materials are the perfect complement to the CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. They can also be used to help ensure you’re ready no matter what study guide you’re using.
This exam is expensive.
Make sure you’re ready before exam day.
Here’s what you’ll get:- All of the multiple-choice questions from the best-selling CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. See a demo here. All questions have full explanations so you’ll know why the correct answers are correct and why the incorrect answers are incorrect.
- Realistic SY0-601 Security+ Practice Test Questions
- Performance-based questions.
- All of the flashcards from the study guide. View them in any Web browser. See demo here
- All of the audio from the study guide.
- Access to a free discount code for 10% off your Security+ voucher.
Buy The Full Access Study Package Today
60 Days Access
All materials are available online shortly after making your payment.
Hi Darril, you might want to write a post on the difference between a single sign-on and same sign-on. That was the question on the test.