6.2.1 Trusted Circle SSO Overview and Definitions

Before deploying SSO it is important to understand the following terminology.

• SSO: Single Sign-On. The ability to sign on to one application and be able access the other applications. The user identification is the same throughout all applications.

• Trusted applications. Applications sharing the SSO scheme (SSO Prefix) and trusting each other’s cookies and verifications. Also known as Peer SSO applications.

• Trusted circle. The circle of trusted applications. They share the same SSO Prefix.

• SSO Prefix. A string defined by the person deploying SSO and made known to applications so they can use it to find cookies generated by other applications in the same trusted circle. Applications with different prefixes are not in the same circle and the user needs to re-authenticate when moving between these applications. The prefix sometimes, but not always, explicitly contains the trailing - (“-”) in the configuration setting.

• Application ID. (appid). A unique string defined by the person deploying SSO for each application in the SSO circle.

• SSO Cookie. A token that the browser uses to remember that the user has authenticated to some application. The name of the cookie is of the form SSO_prefix-application ID. The value of the cookie is the SSO key, usually a session ID generated by the application.

• Cookie Domain. A domain within which the application is restricted to send cookies. This is a domain in the DNS sense.

• Verification URL. A URL used by one application to verify the cookie it found to another application.