SSO是什么?

SSO具体是什么意思~

SSO英文全称Single Sign On，单点登录。SSO是在多个应用系统中，用户只需要登录一次就可以访问所有相互信任的应用系统。它包括可以将这次主要的登录映射到其他应用中用于同一个用户的登录的机制。它是目前比较流行的企业业务整合的解决方案之一。

单点登录简单说就是：

现在有ABCDE等五个系统，现在只需要在其中一个系统上登录，就会在所有的其他系统上成功登录。

具体的查看下面的百度百科，我就不再另详述了，如果有什么疑问你再补充

微软已经推出了Office System，其中的SharePoint Portal Server 2003（以下简称SPS2003）可以用来快速地建立起一个门户网站，可以使企业内用户轻易地找到所需要的信息，协同工作，同时，也可以向Internet上的用户提供一个信息查询的门户网站。

如果用户的客户端和SPS2003服务器以及其他一些服务器（例如Exchange Server）在同一个域中，那么通过SPS2003的网站，访问其他的信息是一件轻而易举的事情，但在很多时候，可能会遇到下面的问题：

1. 客户端并没有加入到域中，或者客户端通过虚拟专用网（VPN）接入公司网络。此时，在访问所有的服务器时，都需要输入用户信息。

2. 用户会使用一些第三方的产品，无法将这些服务器加入到域中。此时，即使登录了SPS2003的网站，在访问其他服务器的时候，还是会出现需要用户信息的窗口。

正是基于以上的需求，在SPS2003中，有一项新的功能—Single Sign On(以下简称SSO)。SSO的基本思想就是：

建立一个加密的数据库，把用户的认证信息，存放到这个数据库中。当成功地验证了登录SPS2003网站的用户身份以后，就可以从加密的数据库中，获得用户的信息，从而用来访问其他的服务器或者一些第三方的服务器。

Single sign-onFrom Wikipedia, the free encyclopediaSingle sign-on (SSO) is a property of access control of multiple, related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them. Single sign-off is the reverse property whereby a single action of signing out terminates access to multiple software systems.As different applications and resources support different authentication mechanisms, single sign-on has to internally translate to and store different credentials compared to what is used for initial authentication.Contents [hide]1 Benefits2 Criticisms3 Common Single Sign-On Configurations3.1 Kerberos based3.2 Smart card based3.3 OTP Token3.4 Integrated Windows Authentication4 Shared authentication schemes which are not single sign-on5 See also6 References7 External links[edit]BenefitsThis section does not cite any references or sources.
Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed.(September 2010)Benefits include:Reduces phishing success, because users are not trained to enter password everywhere without thinking.Reducing password fatigue from different user name and password combinationsReducing time spent re-entering passwords for the same identityCan support conventional authentication such as Windows credentials (i.e., username/password)Reducing IT costs due to lower number of IT help desk calls about passwordsSecurity on all levels of entry/exit/access to systems without the inconvenience of re-prompting usersCentralized reporting for compliance adherence.SSO uses centralized authentication servers that all other applications and systems utilize for authentication purposes, and combines this with techniques to ensure that users do not actively have to enter their credentials more than once.SSO users need not remember so many passwords to login to different systems or applications.[edit]CriticismsThis section does not cite any references or sources.
Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed.(September 2010)The term enterprise reduced sign-on is preferred by some authors[who?] who believe single sign-on to be impossible in real use cases.As single sign-on provides access to many resources once the user is initially authenticated ("keys to the castle"), it increases the negative impact in case the credentials are available to other persons and misused. Therefore, single sign-on requires an increased focus on the protection of the user credentials, and should ideally be combined with strong authentication methods like smart cards and one-time password tokens.Single sign-on also makes the authentication systems highly critical; a loss of their availability can result in denial of access to all systems unified under the SSO. SSO can thus be undesirable for systems to which access must be guaranteed at all times, such as security or plant-floor systems.[edit]Common Single Sign-On Configurations[edit]Kerberos basedInitial sign-on prompts the user for credentials, and gets a Kerberos ticket-granting ticket (TGT).Additional software applications requiring authentication, such as email clients, wikis, revision control systems, etc., use the ticket-granting ticket to acquire service tickets, proving the user's identity to the mailserver / wiki server / etc. without prompting the user to re-enter credentials.Windows environment - Windows login fetches TGT. Active Directory-aware apps fetch service tickets, so user is not prompted to re-authenticate.UNIX/Linux environment - Login via Kerberos PAM modules fetches TGT. Kerberized client applications such as Evolution, Firefox, and SVN use service tickets, so user is not prompted to re-authenticate.[edit]Smart card basedInitial sign on prompts the user for the smart card. Additional software applications also use the smart card, without prompting the user to re-enter credentials. Smart card-based single sign-on can either use certificates or passwords stored on the smart card.[edit]OTP TokenAlso referred to as one-time password token. Two-factor authentication with OTP tokens [1] follows industry best practices for authenticating users[2]. This OTP token method is more secure and effective at prohibiting unauthorized access than other authentication methods.[3][edit]Integrated Windows AuthenticationIntegrated Windows Authentication is a term associated with Microsoft products and refers to the SPNEGO, Kerberos, and NTLMSSP authentication protocols with respect to SSPI functionality introduced with Microsoft Windows 2000 and included with later Windows NT-based operating systems. The term is used more commonly for the automatically authenticated connections between Microsoft Internet Information Services and Internet Explorer. Cross-platform Active Directory integration vendors have extended the Integrated Windows Authentication paradigm to UNIX, Linux and Mac systems.[edit]Shared authentication schemes which are not single sign-onThis section does not cite any references or sources.
Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed.(September 2010)Single sign on requires that users literally sign in once to establish their credentials. Systems which require the user to log in multiple times to the same identity are inherently not single sign on. For example, an environment where users are prompted to log in to their desktop, then log in to their email using the same credentials, is not single sign on.[edit]See alsoList of single sign-on implementationsRelated conceptsCentral Authentication ServiceIdentity managementPassword fatigueOpenID[edit]References^ Examples are tokens by RSA Data Security, Vasco, Actividentity or Aladdin^ OTP use meets the guidelines in DOE Order 205.1 as well^ FAQ on OTP Tokens - One Time Password Tokens[edit]External linksSingle Sign-on Intro with DiagramsSPNEGO Http Servlet Filter - Open Source SSO LibraryCampusEAI Consortium myCampus QuickLaunch Single Sign-On and Central Authentication ServiceCategories: Identity management systems | Password authentication

不大清楚　我才开始学习数据库

---

香港特别行政区14770366528： sso(Single Sign On) - 搜狗百科？
段临加替： 如果一个路由处理器发生故障,会出现网络中断吗?不一定.当网络设备由一次察觉不到的中断故障中恢复时,那么网络就没有中断,因为就最终用户而言,既没有发生中断,也没有出现停机.但是,即使在一个路由处理器真地发生故障时,...

香港特别行政区14770366528： 谁都能看懂的单点登录实现方式 - ？
段临加替： SSO英文全称SingleSignOn(单点登录).SSO是在多个应用系统中,用户只需要登录一次就可以访问所有相互信任的应用系统.它包括可以将这次主要的登录映射到其他应用中用于同一个用户的登录的机制.它是目前比较流行的企业业务整...

香港特别行政区14770366528： 单点登录是什么? - ？
段临加替： SSO,也就是单点登录(single sign-on),它是一种认证方法,要求用户只登录一次, 使用一个用户ID和密码,登录多个应用、系统或Web网站.而Open Group对单点登录的定 义是“单点登录(SSO)是用户认证和授权的单一行为可以允许一位用户访问他的访问许 可中包含的所有电脑和系统,而不要输入多个密码的机制.单点登录减少了人为错误, 这是系统失败的重要因素,需求量很大,但很难实施.” 企业的单点登录(SSO)为终端用户提供了改善用户经验,帮助IT员工减少管理大量应用 上的密码的成本.

香港特别行政区14770366528： 路由器SSO是什么意思 - ？
段临加替： 用户在访问页面1的时候进行了登录,但是客户端的每个请求都是单独的连接,当客户再次访问页面2的时候,如何才能告诉Web服务器,客户刚才已经登录过了呢?浏览器和服务器之间有约定:通过使用cookie技术来维护应用的状态.Cookie...

香港特别行政区14770366528： Sso什么意思?？
段临加替： 你说的时 just so so 中的so so 吗?