Developing a Single Sign-On System - A Java-based authentication platform aimed at the web.

Abstract

A typical computer user today, spends a lot of her time on the Web. As a part of this, she often needs to type her username and password at a dozen different sites or more every day. To cope with this, users typically choose simple passwords or reuse a few ones. This lowers the security of the system and increases the risk of an attacker being able to compromise the user’s account(s). The goal of this thesis is to build a so called single sign-on system which solves these problems. The result is NaviBase, a system based on the Java technology stack, which uses the Security Assertion Markup Language to provide single sign-on services to applications and users. The system consists of two primary components; NaviBase, the server component which holds all information and processes requests; and SamlLib, a slimmed-down implementation of the SAML protocol. In retrospect, a focus on sound development principles and using well known design patterns proved successful and preliminary security auditing suggest the system is sufficiently secure. On the flip side, much time was spent on unplanned activities and the system is somewhat hurt by a lack of focus on usability.