Federated single-sign on (SSO) standards like SAML and WS-Federation provide secure mechanisms for passing credentials and related information between different web sites that have their own authorization and authentication systems. SAML is an open standard developed by the OASIS Security Services Technical Committee. SAML 1.0 was ratified as an OASIS standard in November, 2002. WS-Federation was developed by a group of companies led by Microsoft and it offers equivalent federated SSO functionality to SAML.
The SAML protocol has seen significant success, gaining momentum in financial services, higher education, government, and other industry segments. SAML support has been broadly implemented by all major Web access management vendors. The U.S. Government General Services Administration (GSA) requires all vendors participating in the US E-Authentication Identity Federation program to be SAML 2.0 compliant.
SAML compliant web sites exchange user credential information via SAML assertions. A SAML assertion is an XML document containing trusted statements about a subject including a username, privileges, etc. SAML assertions are usually digitally signed to ensure their authenticity.
Many large enterprises have deployed federated Identity and Access Management (IAM) systems such as CA SiteMinder, Sun Microsystems Open SSO, or Windows ADFS on their corporate intranets. These IAM systems handle the user authentication and single sign-on (SSO) requirements for employees and partners. IAM systems use the SAML or WS-Federation protocols to interoperate with partner web sites outside their firewalls. Customers can utilize their IAM systems to automatically authenticate their users to WebEx Meetings services. This will increase efficiency since users do not have to remember their WebEx Meetings username and password to host meetings. Security is increased over current URL API based SSO integrations since no WebEx Meetings passwords will be stored or transmitted.
Approaches to SSO
Want to learn more? This tech note provides guidance on several approaches to implementing single sign-on behavior with both the URL and XML APIs.
Visit the WebEx Developer Forum to ask questions and interact with other developers.