Question

Single sign-on ( SSO) is a feature that allows users to access multiple services belonging to the same organization without logging in multiple times. Once you’ve logged into a website that uses SSO, you won’t have to enter your credentials again when accessing another service or resource belonging to the same company. For example, if you’re logged into facebook.com , you won’t have to reenter your credentials to use messenger.com , a Facebook service.

单点登录（SSO）是一种功能，允许用户在不重复登录的情况下访问同一组织拥有的多个服务。一旦您登录了使用 SSO 的网站，您在访问同一公司的另一个服务或资源时便不需要再次输入凭据。例如，如果您已登录到 facebook.com，使用 messenger.com（Facebook 服务）时就无需重新输入凭据。

This practice is convenient for companies with many web services, because they can manage a centralized source of user credentials instead of keeping track of a different set of users for each site. Users can save time as well, since they won’t need to log in multiple times when using the different services provided by the same company. Since it makes things so much easier for both companies and users, SSO has become common practice on the internet.

这种做法对于具有许多网络服务的公司非常方便，因为它们可以管理集中的用户凭据来源，而不是为每个网站跟踪不同的用户集。用户也可以节省时间，因为他们在使用同一家公司提供的不同服务时不需要多次登录。由于它使公司和用户的事情变得更加容易，因此 SSO 已成为互联网上的常见做法。

But new vulnerabilities that threaten SSO systems have also emerged. In this chapter, we’ll talk about three methods developers use to implement SSO, as well as some vulnerabilities related to each approach.

但是，新的漏洞威胁单点登录系统也已经出现。在本章中，我们将讨论开发人员使用的三种实现单点登录的方法，以及与每种方法相关的一些漏洞。