i4connected Knowledgebase 5.6

The Single-Sign-On Authentication Scheme

Abstract

Check out this article to learn more about the recently integrated Single-Sign-On Authentication Scheme and its benefits for your system's security.

The Single-Sign-On authentication scheme was introduced with i4connected version 5.6.15.

The i4connected Single-Sign-On implementation enables the users of i4connected systems to log in once and use all web applications with that single login, e.g., i4designer SCADA web applications, i4connected web applications, and the swagger API page.

The Single-Sign-On authentication scheme introduces the following security improvements:

  • Data protection - The data-protection system protects sensitive data that would otherwise be exposed to attackers, while following best practices for key rotation and encryption. The data-protection system uses symmetric-key encryption: a key containing random data is used to encrypt the data, and the same key is used to decrypt it.

  • Distributed cache - The distributed cache shares session cookie information between the identity API and the API. Put simply, if the Identity API sets a session value with “HttpContext.Session.SetString(…);”, the API can read it back with “HttpContext.Session.GetString(…)”.

  • Ticket Store - The ticket store provides an abstract storage mechanism that keeps identity information on the server while sending only a simple identifier key to the client. This also enables the client to revoke an authentication ticket, which invalidates the authenticated session.
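How these three mechanisms fit together in an ASP.NET Core application, as an added illustrative example; this is not i4connected's own code, and the class and method names, the application name, the key-ring path and the Redis host are placeholders. It assumes the Microsoft.Extensions.Caching.StackExchangeRedis package for the shared cache; the ticket store keeps the full ticket server-side and hands the cookie only a random key, and removing that entry revokes the session even if the cookie is still presented.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.Caching.Distributed;
using Microsoft.Extensions.DependencyInjection;
// Hypothetical store: the full ticket stays in the shared cache; the cookie carries only a random key.
public sealed class DistributedCacheTicketStore : ITicketStore
{
    private readonly IDistributedCache _cache;
    public DistributedCacheTicketStore(IDistributedCache cache) => _cache = cache;
    public async Task<string> StoreAsync(AuthenticationTicket ticket)
    {
        // Unguessable identifier; this is the only value the client ever receives.
        var key = "auth-ticket:" + Guid.NewGuid().ToString("N");
        await RenewAsync(key, ticket);
        return key;
    }
    public Task RenewAsync(string key, AuthenticationTicket ticket)
    {
        var options = new DistributedCacheEntryOptions();
        if (ticket.Properties.ExpiresUtc is { } expires)
            options.SetAbsoluteExpiration(expires); // cache entry expires with the ticket
        return _cache.SetAsync(key, TicketSerializer.Default.Serialize(ticket), options);
    }
    public async Task<AuthenticationTicket?> RetrieveAsync(string key)
    {
        var bytes = await _cache.GetAsync(key);
        // A removed (revoked) ticket yields null; the cookie handler then rejects the session.
        return bytes is null ? null : TicketSerializer.Default.Deserialize(bytes);
    }
    // Revocation: deleting the server-side entry invalidates the session even if the cookie is still presented.
    public Task RemoveAsync(string key) => _cache.RemoveAsync(key);
}
public static class SsoWiring
{
    // Call from ConfigureServices of both the identity API and the API with identical settings.
    public static void AddSharedCookieSession(IServiceCollection services)
    {
        services.AddDataProtection().SetApplicationName("i4connected-sso")          // placeholder name
            .PersistKeysToFileSystem(new System.IO.DirectoryInfo("/shared/keys")); // placeholder path
        services.AddStackExchangeRedisCache(o => o.Configuration = "redis:6379");   // placeholder host
        services.AddSingleton<ITicketStore, DistributedCacheTicketStore>();
        services.AddOptions<CookieAuthenticationOptions>(CookieAuthenticationDefaults.AuthenticationScheme)
            .Configure<ITicketStore>((o, store) => o.SessionStore = store);
    }
}
```

Both services must register the same application name, key-ring location and cache, otherwise a cookie issued by one side cannot be decrypted or looked up by the other.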