Federation versus SSO

May 15, 2018 at 12:15 pm

Cloud+

I am writing this post as I teach another Nugget for the upcoming release of CompTIA Cloud+ (2018 version) at CBT Nuggets!

This topic comes up several times in the course, and for today’s Nugget it has to do with extending an existing infrastructure into the cloud. Something that becomes more popular every day in hybrid cloud environments!

Most of us are familiar with SSO (Single Sign On) as we have been configuring it in our IT networks for decades now. The idea is a user inputs their username and password once (typically at workstation log in) and then that information is passed to other applications and resources that need it.

So what is Federation and how is it different? Federation allows SSO, but without passwords! A Federation Server knows the username for the network entity and presents this to the application or service as a token. It is worth mentioning again here that there is no password involved. The SSO functions because of trust between the systems that the Federation Server is aware of.

Token passing in Federation is made possible thanks to standard identity protools like – SAML, OpenID, WS-Trust, WS-Federation, and OAuth.

Another term you might come across today is Enterprise SSO. Like “normal” SSO, a password is required, but here that password is input for the user thanks to specialized software.

I hope you found this interesting and I also hope you will join me in the upcoming Cloud+ course!