“SAML Profile: securely sharing digital identity information,” Book

FREE Diabetes Recipes eBook! Click here to redeem.

On multi-site SSO (such as Passport), had previously been not understand how the user can rest assured that your passport will tell a third party site ID and password.
Now understand, validate the user ID and password in the source site, and third-party sites are the destination site, it can only accept the user account and then send the request to the source site to verify that the user is legitimate (that is registered).
Users log in the source site, the user’s browser to store a cookie, the browser that the certificate, which is a hash string. When the user logs on the destination site, the destination site sends a request to the source site, the browser included in the certificate request the purpose of the site’s purpose is to send the request the browser to verify the certificate is valid.
Overall, the browser certificate is the source site and destination site, the link between the chips is also a game both sides: for the source site, it must ensure that the user account security, it can not be directly exposed to the user ID and password to the destination site Therefore, the source site is only a short time to prove user’s identity certificate to the destination site; for the purpose of the site, to include site security, it can not all operations on the site are exposed to the user, it must be the user authentication, so it had to be sent to the browser certificate to identify the user as the source site.