Page 991 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
prompted to provide the password. If correct, the user is redirected to
the OpenID-enabled site.
OpenID Connect: OpenID Connect is an authentication layer using
the OAuth 2.0 framework. Like OpenID, it is maintained by the
OpenID Foundation. It builds on the technologies created with
OpenID but uses a JavaScript Object Notation (JSON) Web Token
(JWT), also called an ID token. OpenID Connect uses a
Representational State Transfer (REST)–compliant web service to
retrieve the JWT. In addition to providing authentication, the JWT
can also provide profile information about the user.
SAML is a popular SSO language on the internet. XACML
has become popular with software-defined networking
applications. OAuth and OpenID Connect are used with many web-
based applications to share authentication information without
sharing credentials.
Scripted Access
Scripted access or logon scripts establish communication links by
providing an automated process to transmit logon credentials at the
start of a logon session. Scripted access can often simulate SSO even
though the environment still requires a unique authentication process
to connect to each server or resource. Scripts can be used to
implement SSO in environments where true SSO technologies are not
available. Scripts and batch files should be stored in a protected area
because they usually contain access credentials in clear text.
Credential Management Systems
A credential management system provides a storage space for users to
keep their credentials when SSO isn’t available. Users can store
credentials for websites and network resources that require a different
set of credentials. The management system secures the credentials
with encryption to prevent unauthorized access.

