Pubcookie

Pubcookie is a protocol and a software package for providing single sign-on within web applications and websites of an organization. An untrusted web application authenticates the end user against a trusted authentication server via a trusted login server. The Pubcookie software is open source and licensed under the Apache License. Pubcookie was initially developed at the University of Washington in 1998.

Authentication process

The web application is installed on a web server equipped with a Pubcookie module. When an unauthenticated end user attempts to access the web application, the module sets two cookies ("pre-session cookie" and "granting request") and redirects the user to a Pubcookie login server. The granting request cookie is scoped so that it reaches the login server. It contains information about the application, requested resource and desired authentication service.

The login server now presents a login page, allowing the user to present a username and a password or some other kind of credentials. The login server forwards the information presented by the user to an authentication server. If the login server receives a response indicating success, it sets two cookies ("login cookie" and "granting cookie") and redirects the user back to the web application. The granting cookie is scoped to reach the web application server, whose Pubcookie module uses the contents of the pre-session cookie and the granting cookie to generate the final "session cookie".

If the user needs to access another web application, the login server receives the login cookie and provides the granting cookie without presenting a login page. Notice that the web applications never receive the password (or some other secret) the user uses to authenticate.

The cookies the login server and the web applications exchange are encrypted using symmetric encryption to prevent eavesdropping. The granting cookie is digitally signed to prevent tampering. The cookies carry a timestamp to prevent replay attacks.
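
The checks described above, as an added Python example (not Pubcookie's own code or wire format): the login server signs a timestamped granting cookie, and the application-side module rejects tampered, stale, misdirected or unbound cookies. Assumptions: a JSON payload, HMAC-SHA256 standing in for the digital signature, a nonce carried in the pre-session cookie, a 30-second freshness window, and no encryption layer; all names are hypothetical.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key; stands in for the login server's signing key.
SIGNING_KEY = b"constructed-demo-key"
MAX_AGE_SECONDS = 30  # assumed freshness window for a granting cookie


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def issue_granting_cookie(user, app_id, pre_session_nonce, now=None):
    """Login-server side: sign the claims together with a creation timestamp."""
    claims = {"user": user, "app": app_id, "nonce": pre_session_nonce,
              "ts": int(time.time() if now is None else now)}
    body = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)


def verify_granting_cookie(cookie, app_id, pre_session_nonce, now=None):
    """Application-module side: return the user name, or raise ValueError."""
    try:
        body_b64, tag_b64 = cookie.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError as exc:  # wrong shape or bad base64
        raise ValueError("malformed cookie") from exc
    expected = hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad signature")  # contents were tampered with
    claims = json.loads(body)  # parsed only after the signature check
    now = time.time() if now is None else now
    if not 0 <= now - claims["ts"] <= MAX_AGE_SECONDS:
        raise ValueError("stale cookie")  # replay outside the window
    if claims["app"] != app_id:
        raise ValueError("cookie issued for another application")
    if not hmac.compare_digest(claims["nonce"], pre_session_nonce):
        raise ValueError("pre-session mismatch")  # not this browser's request
    return claims["user"]
```

The timestamp only bounds the replay window; within it, the pre-session binding is what ties a granting cookie to the browser that started the request.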

Limitations

Web browsers are typically configured to disallow third-party cookies or cookies scoped to multiple domain names. Since organizations rarely share domain names, Pubcookie is effectively limited to intra-organizational use.

See also

* Central Authentication Service — another open source single sign-on protocol

External links

* Official website: http://www.pubcookie.org/
* How Pubcookie works: http://www.pubcookie.org/docs/how-pubcookie-works.html


Wikimedia Foundation. 2010.
