For SSO to be achieved, this process needs to be repeated for each application accessed by the user. Various mechanisms can be used to reduce or eliminate the burden of logging in to each application, such as:
- Using a centralised authentication store for all applications (i.e. leveraging LDAP and Active Directory for authentication) - the user will have the same username and password for each application however will be expected to log in to each application.
- Using a domain trust to establish SSO - this could involve using a protocol like Kerberos to achieve single-sign on when the user is on the corporate network.
- Leveraging a Web Access Management (WAM) solution where all applications are protected by an access gateway, the user logs in once to the WAM gateway and gains access to all applications they are entitled to.
- Leveraging a shared cookie or token across multiple applications.
- Vaulting passwords and replaying them as a user access an application.
We see that to achieve the end goal of SSO between applications, we must replace the password with a trusted token (i.e. a kerberos ticket or a cookie) or system (i.e. a WAM).