Understanding SSO: Concepts and Protocols

Single Sign-On (SSO) is one of the most common authentication strategies in modern enterprises.

Instead of logging into multiple applications separately, SSO allows a user to:

  • Authenticate once
  • Access multiple applications without re-login

This post explains the **core concepts**, popular protocols, and why SSO is widely used.


What is SSO?

SSO is a user authentication process that permits a user to access multiple applications with **one set of credentials**.

Benefits include:

  • Improved user experience — fewer logins
  • Centralized authentication management: password policy, MFA and account lockout are enforced once, at the IdP, instead of per application
  • Reduced password fatigue, so users have fewer passwords to reuse or write down; the trade-off is that the IdP becomes a high-value target and must be protected accordingly

How SSO works — high-level flow

The typical SSO flow:

  1. User tries to access an application (Service Provider / SP)
  2. SP redirects to an Identity Provider (IdP)
  3. User authenticates at IdP
  4. IdP issues a token or assertion
  5. SP validates token and grants access

After the first login, the user holds an authenticated session at the IdP. When a second SP redirects the user there, the IdP issues a fresh token or assertion for that SP without prompting for credentials again, so the user does not log in twice. Each token is scoped to a single SP (its audience); an SP must reject a token that was issued for another application.
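As an added worked example (not code from the original post), the five steps above simulated end to end with an OpenID Connect style ID token: the SP stores a `state` and `nonce` before redirecting, the IdP mints a signed JWT, and the SP checks signature, issuer, audience, expiry and nonce before creating its own session. The issuer URL, client ID, shared secret and redirect URI are constructed placeholders. HS256 with a shared client secret is assumed so the example runs on the Python standard library alone; Keycloak and most IdPs sign with RS256 and publish the public key at a JWKS endpoint, which changes only the signature check.

```python
"""Simulated SSO login: SP -> IdP -> SP, with an OIDC-style ID token (HS256).

Added example, not the original post's code. All URLs, IDs and the secret
below are constructed placeholders.
"""
import base64
import hashlib
import hmac
import json
import secrets
import time

IDP_ISSUER = "https://idp.example.com/realms/demo"  # constructed
SP_CLIENT_ID = "spring-app"                         # constructed
CLIENT_SECRET = b"constructed-shared-secret"        # constructed; assumed HS256 key


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


# Steps 1-2: SP builds the redirect to the IdP and remembers state and nonce.
def sp_start_login(session: dict) -> dict:
    session["state"] = secrets.token_urlsafe(16)  # binds the callback to this browser session (CSRF)
    session["nonce"] = secrets.token_urlsafe(16)  # binds the ID token to this login attempt (replay)
    return {
        "response_type": "code",
        "client_id": SP_CLIENT_ID,
        "redirect_uri": "https://app.example.com/login/oauth2/code/demo",  # constructed
        "scope": "openid",
        "state": session["state"],
        "nonce": session["nonce"],
    }


# Steps 3-4: IdP authenticates the user (out of scope here) and mints an ID token.
def idp_issue_id_token(subject: str, audience: str, nonce: str, now=None, ttl: int = 300) -> str:
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": IDP_ISSUER, "sub": subject, "aud": audience,
              "iat": now, "exp": now + ttl, "nonce": nonce}
    signing_input = b64url_encode(json.dumps(header).encode()) + "." + \
        b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(CLIENT_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


# Step 5: SP validates the token before it creates a local session.
def sp_validate_id_token(token: str, expected_nonce: str, now=None) -> dict:
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    header = json.loads(b64url_decode(h))
    # Pin the algorithm; never let the token header choose the verifier.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(CLIENT_SECRET, (h + "." + p).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p))
    if claims.get("iss") != IDP_ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if SP_CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token was issued for another client")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch, possible replay")
    return claims


def run_flow(now=None) -> dict:
    """Happy path: one SP session, one IdP-issued token, validated by the SP."""
    session = {}
    sp_start_login(session)
    token = idp_issue_id_token("alice", SP_CLIENT_ID, session["nonce"], now=now)
    return sp_validate_id_token(token, session["nonce"], now=now)


if __name__ == "__main__":
    print(run_flow())
```

Pinning `alg` instead of honouring the token header is what stops a downgrade to `alg: none` or an RSA public key being passed off as an HMAC secret; the audience check is what stops a token minted for one SP being replayed at another, which is the point made in the paragraph above.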


Popular SSO protocols

1. SAML (Security Assertion Markup Language)

  • XML-based protocol
  • Common in enterprise and legacy systems
  • Uses signed XML assertions, delivered through browser redirects or form POSTs, to pass authentication info from IdP to SP

2. OAuth2 / OpenID Connect

  • OAuth2: authorization framework that delegates access to resources; on its own it does not authenticate the user
  • OIDC: authentication layer on top of OAuth2 that adds the ID token
  • JSON Web Tokens (JWT) carry identity claims, which suits modern web and mobile apps

3. Kerberos

  • Ticket-based authentication
  • Used in Windows / Active Directory environments
  • Works best in intranet setups

SSO vs traditional login

| Aspect | Traditional login | SSO |
|---|---|---|
| Login frequency | Multiple times, once per app | Once per IdP session |
| Central control | Each app manages its own users | IdP manages users centrally |
| User experience | Login fatigue | Smooth experience across apps |

Why SSO matters in modern Spring Boot applications

  • Microservices often require a centralized authentication solution
  • Security frameworks like Spring Security support SSO integration
  • Enterprise apps often rely on OAuth2 / OIDC or SAML IdPs

Next steps

The next post in this series will show how to integrate **Keycloak with Spring Boot**, covering real login flows, adapters, and configuration.

Part of the Spring Boot SSO Series
