Heliyon. 2024 Mar 26;10(7):e28560. doi: 10.1016/j.heliyon.2024.e28560. eCollection 2024 Apr 15.

A federated authentication schema among multiple identity providers

João Rafael Almeida et al. Heliyon.

Abstract

Single Sign-On (SSO) methods are the primary solution for authenticating users across multiple web systems. These mechanisms streamline the authentication procedure by avoiding duplicate development of authentication modules for each application. They also provide convenience to the end-user by keeping the user authenticated when switching between different contexts. To ensure this cross-application authentication, SSO relies on an Identity Provider (IdP), which is commonly set up and managed by each institution that needs to enforce SSO internally. However, the solution is not so straightforward when several institutions need to cooperate in a single ecosystem. This could be tackled by centralizing the authentication mechanisms in one of the involved entities, but that solution places responsibilities on one peer that the others may find difficult to accept. Moreover, it is not appropriate for dynamic groups, where peers may join or leave frequently. In this paper, we propose an architecture that uses a trusted third-party service to authenticate multiple entities while keeping the user's attributes isolated between this service and the institutional SSO systems. This architecture was validated in the EHDEN Portal, which includes the web tools and services of this European health project, to establish a federated authentication schema.

Keywords: ELIXIR AAI; Federated authentication; IdP; OAuth 2.0; SSO.


Conflict of interest statement

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Figures

Figure 1. Overview of the current strategy used for authenticating a user in the systems. Each environment has an individual IdP, and other applications outside these environments have their own independent login modules.

Figure 2. Overview of the proposed architecture using a trusted third-party system (ELIXIR AAI) as an account manager, keeping all IdPs and the more confidential attributes inside each environment.

Figure 3. Overview of the registration flow between the four entities to access a service. Message details were omitted.

Figure 4. Overview of the authentication flow between the four entities to access a service. Message details were omitted.
