Please use this identifier to cite or link to this item: http://hdl.handle.net/1946/36559
A commonly used method of authentication on the Internet is to provide a combination of a username and a password. One way to make this method more secure is to use long passwords. Single sign-on solutions have reduced the number of passwords users must remember, so those passwords can be longer than before. Different standardized frameworks can be used when implementing such solutions, each with its own advantages and disadvantages.
This thesis examines the authentication and authorization frameworks available for integrating a centralized single sign-on solution with an existing system. The studied frameworks are OAuth 2.0, OpenID Connect, SAML, LDAP, Kerberos and RADIUS. These frameworks are reviewed and compared with each other at a high level, with an emphasis on security and features. A subset of them, namely OAuth 2.0, OpenID Connect and SAML, is chosen for more extensive evaluation through integration with Hibox Systems' internal solution. The reliability of the system is tested by simulating heavy load conditions, with successful throughput and system resource usage used as the metrics for determining the efficiency of the system.
Both integrations, OpenID Connect combined with OAuth 2.0 and SAML, provided a smooth user experience during normal authentication flows, but the combination of OAuth 2.0 and OpenID Connect had an advantage over SAML under heavy load conditions. With the OpenID Connect and OAuth 2.0 integration, the user experience remained at a reasonable level for a larger number of simultaneous users, and these frameworks are therefore deemed better suited for the given use case.