Our everyday life is closely accompanied by the internet. We communicate with our peers online, share memories on social media, shop online, search forums for answers to various questions, and much more. All these services usually require a login via username and password. With intensive use of various online services, it is sometimes easy to lose track of everything. This can often lead to downright password chaos. Single Sign-On (SSO) is intended to remove, or rather prevent, this chaos.
The advantages of SSO
Single Sign-On is an authentication method that gives users access to different websites or services via a single authentication step. SSO eliminates the need for separate logins to different services and requires users to enter their credentials only once. SSO offers numerous advantages, both in terms of compliance and security. On the one hand, single sign-on saves a considerable amount of time. Thanks to SSO, users no longer have to set up accounts and think up usernames and passwords for each individual service. On the other hand, it also reduces the possibility of attacks. Users only need to log in with one set of credentials, and they only need to provide them in one place. This makes cyberattacks such as phishing much more difficult. With single sign-on, users only have to check this one place (e.g., a specific website, its URL, certificates, etc.) for trustworthiness. Also, users are significantly more willing to choose a more complex and thus more secure password, because they only have to remember one password for different services.
SSO at RWTH Aachen University
At RWTH Aachen University, too, more and more content is being made available via web applications. Since this content is particularly dynamic and often only intended for certain user groups, central access control is indispensable. The authentication service used by RWTH is Shibboleth. The RWTH’s central Shibboleth service is operated by the IT Center and enables members of the university to log on to various systems and applications with a single identity. This includes not only systems and applications of the RWTH, but also numerous services of other universities that are members of the German Research Network (DFN AAI) just like the RWTH.
How does it work?
As an authentication service, Shibboleth receives selected information from the central user administration. Core data, roles and authorisations of the users are transmitted from the RWTH’s Identity Management (idM). For example, if a student is hired as an employee, they receive a new role in idM. The user authorisations also change with this new role. This information is automatically forwarded to Shibboleth, and the user can use the services to which they are authorised to have access. They do not have to create any new accounts, usernames, or passwords.
Single sign-on, when used correctly, offers great advantages and opportunities, especially for institutions and companies. For users, it not only represents a considerable time saving, but also offers the possibility of using a single set of access credentials. This reduces loopholes and increases security within the user community. From a service provider perspective, SSO also simplifies many administrative tasks, as these processes can be addressed at the group level rather than for each individual user. Especially for new students and staff, this solution is intended to be a great relief. At RWTH, single sign-on has quickly become an essential part of the system.
Responsible for the content of this article is Stéphanie Bauens.