Abstract:
Single sign-on means that users only need to use one set of authentication credentials
to authenticate to several service providers. Single Sign-On (SSO) Mechanism is the
most popular authentication mechanism and is used by most of companies now adays.
Single sign-on solutions allow users to log in only once and after that they can access
multiple applications because identities of users are automatically verified by relying
parties. There are many single sign-on protocols available for implementing it. These
single sign-on protocols suffer from some authentication flaws that allows a malicious
service provider to impersonate the user and by injecting malicious script through
which user’s account can be hijacked. In this work cross site scripting attack has been
identified on SSO. There are many approaches available to prevent this attack but
none is fully preventing the attack because still this attack is present at this moment.
So here this work proposes prevention approach against XSS attack while using SSO.
This approach includes JavaScript Detection procedure and XSS filtering process to
prevent XSS attack. This work also presents some results and discussion on
implementation.