Single Sign-On Federation Instance : Providing Data about Authenticated Users to Web Applications

Abstract

This thesis entails the process of installing and configuring a Single Sign-On instance that enables its users to access web applications and services without the need of multiple authentications. The end-users will access the service through a portal which they have already logged into, the agent application will mostly only validate the preexisting cookies and allow access to the integrated applications. The authentication itself is done externally by creating a connection to a preexisting environment built for the purpose, using an “Agent”-application that handles the related queries and responses. The session cookies are saved in the user’s web browser, so the user will not have to log in again until the cookie has expired. As long as a valid cookie has been created for the user, they should be able to access the applications and services integrated into this environment. The main purpose of the environment is transferring user information to the applications, ie. federating, which was implemented here using the Secure Assertion Markup Language (SAML).