What is Single Sign-On (SSO)
Definition according to Wikipedia:
Single sign-on (SSO) is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them.
The following are the most common forms of single sign-on
- SSO based on classical windows application (most common version).
- SSO based on dedicated application (i.e. Atlassian Crowd), limited to certain other applications and services (in the example of Crowd mostly to further Atlassian Products).
Single Sign-on based on Kerberos
If the business uses an active directory by Microsoft (Windows Server 2003 or newer), an SSO can be implemented based on Kerberos. For the implementation, an Apache web server under Linux is a prerequisite, that will be connected to Confluence. An adapted version of the authentication module in Confluence will receive the user, that was previously authenticated by the Apache web server and signs him on to Confluence.
This form of SSO has only few disadvantages besides the system requirements. Users can only be switched, when the web browser does not conduct an SSO authentication, i.e. with an alternative browser, that does not access the SSO token.
Advantages of this type of SSO are:
- Automated sign-on to Confluence, when a user signs into Windows.
- Fallback to a standard login, i.e. for external employees, suppliers, …
- Mix of local user groups in Confluence and Active Directory / LDAP groups.
- Anonymous access to the complete Confluence or just to parts.
- Kerberos SSO is very reliable.