Multilevel multifactor single sign-on

The single sign-on mechanism (SSO) is a well-known technique to protect access to a set of resources that require prior authentication and authorization. In this work we design an SSO solution consisting of a central authentication server and a user directory, dedicated to protect a set of internal...

Descripción completa

Detalles Bibliográficos
Autor: Linares Zapater, Angel
Tipo de recurso: tesis de maestría
Fecha de publicación:2019
País:España
Institución:Universitat Oberta de Catalunya (UOC)
Repositorio:O2, repositorio institucional de la UOC
OAI Identifier:oai:openaccess.uoc.edu:10609/107189
Acceso en línea:http://hdl.handle.net/10609/107189
Access Level:acceso abierto
Palabra clave:login attribute retrieval
multifactor authentication
multilevel authorization
autenticación multifactor
autorización multinivel
login de atributos en bloque
autenticació multifactor
autorització multinivell
login d'atributs en bloc
Computer security -- TFM
Seguretat informàtica -- TFM
Seguridad informática -- TFM
Descripción
Sumario:The single sign-on mechanism (SSO) is a well-known technique to protect access to a set of resources that require prior authentication and authorization. In this work we design an SSO solution consisting of a central authentication server and a user directory, dedicated to protect a set of internal applications behind a perimeter network. We explore how to define complex security policies to set multiple levels of authorization so that some users may only be able to access a subset of the resources depending on their authorization level. Also, we test the use of multiple factors of authentication to access the resources by requesting different types of user credentials (e.g., username/password pairs or digital certificates). We also demonstrate how passing information to the client applications about login attributes allows implementing more complex authorization techniques. Finally, we implement a basic case of a single sign-off mechanism.