Single sign-on: A solution approach to address inefficiencies during sign-out process

Lokesh Saravanan Ramamoorthi, Dilip Sarkar

Research output: Contribution to journal › Article › peer-review

Abstract

In a Single Sign-on (SSO) environment, an Identity Provider (IDP) authenticates a user for the first Service Provider (SP). The IDP creates an active IDP session and stores its information in the user’s web browser. Each SP also creates and maintains one active service session. Using state-transition diagrams, we illustrate the sign-in and sign-out processes. An information security vulnerability arises because users are unaware of the active IDP session in their browser and sign out only from SP sessions. One solution to this problem is educating users. Another solution is to implement the SSO so that it ensures the termination of the IDP session as soon as the user signs out from all services that the IDP authenticated. The first solution appears simple, but educating millions of web-based SSO users worldwide is a practically impossible task. The second solution is better because one good implementation solves the problem for all users. In this article, we propose several solutions for terminating the hidden active IDP session. We also review the data storage methods commonly used for storing SP and IDP session information in browsers. Moreover, we propose a browser extension for conveniently and efficiently managing active SP and IDP sessions. In our proposed browser extension, we recommend IndexedDB browser storage for storing active session information. We believe our proposed browser extension is a simple but efficient solution for eliminating the hidden active IDP session.

Original language: English (US)
Pages (from-to): 195675-195691
Number of pages: 17
Journal: IEEE Access
Volume: 8
State: Published - 2020

Keywords

  • Authentication
  • Authorization
  • Identity provider
  • Information security
  • Service provider
  • Single sign-on
  • Web browser security

ASJC Scopus subject areas

  • Computer Science (all)
  • Materials Science (all)
  • Engineering (all)
