Secured approach for single sign-on mechanism

Abstract

Single sign-on means that users only need to use one set of authentication credentials to authenticate to several service providers. Single Sign-On (SSO) Mechanism is the most popular authentication mechanism and is used by most of companies now adays. Single sign-on solutions allow users to log in only once and after that they can access multiple applications because identities of users are automatically verified by relying parties. There are many single sign-on protocols available for implementing it. These single sign-on protocols suffer from some authentication flaws that allows a malicious service provider to impersonate the user and by injecting malicious script through which user’s account can be hijacked. In this work cross site scripting attack has been identified on SSO. There are many approaches available to prevent this attack but none is fully preventing the attack because still this attack is present at this moment. So here this work proposes prevention approach against XSS attack while using SSO. This approach includes JavaScript Detection procedure and XSS filtering process to prevent XSS attack. This work also presents some results and discussion on implementation.