Sunday, March 27, 2011

Single Sign on Server Appliance (SSOSA) V.01



Users can change their credentials (username and password) here, and the change takes effect immediately.


Single sign-on (SSO) is a general term that usually refers to providing centralized authentication for multiple services through a unified, user-friendly server user interface. The system is designed to minimize the number of times users must type their ID and password to sign in to multiple applications. In this project's solution, after the user logs in to the master key server (which we are currently developing), they are logged on directly to the appropriate server using a single username and password.

Aim:
To develop a Single Sign-on Server Appliance (SSOSA) system that provides centralized authentication for multiple services through a unified and user-friendly server user interface.

Objectives:

  • To investigate the problem from the user requirements and create a computerized system
  • To analyze the user requirements
  • To create the system
  • To test the system
  • To produce a “Single Sign-on server appliance”

Scope of Project :

An important part of this project will be to implement the Single Sign On solution proposed as a technical feasibility study. Functionality is the main focus of this version. The prototype will have all the functionality required to successfully perform a usability test. Since the password security of the solution is important for the users, this function also will be implemented.

SSOSA : A Centralized Authentication SSO

A centralized Single Sign-On server is a model with a dedicated authentication server that handles all user information and controls tickets or tokens. The client logs on to the server and gets a circle-wide valid ticket to access applications within its boundaries. Every request to a service is first directed to the central SSO server. The user logs on with credentials and gains a circle-wide personal ticket. The SSO server forwards the client's request to the desired service by using return addresses from the service. The application verifies the given ticket and, if it is correct, grants access.
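The ticket flow described above, as an added example that is not part of the original project: the SSO server checks credentials once and issues a ticket, and each application verifies the ticket before granting access. The HMAC-signed ticket format, the shared key, the five-minute lifetime and the in-memory user store (standing in for LDAP) are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, os, time

SHARED_KEY = os.urandom(32)   # assumption: key shared by SSO server and services
SALT = os.urandom(16)
TICKET_LIFETIME = 300         # assumption: tickets are valid for five minutes

def _pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed user store; in the project above this role is played by LDAP.
USERS = {"alice": _pw_hash("correct horse")}

def _sign(body):
    return hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest().encode()

def sso_login(username, password, now=None):
    """SSO server: check credentials once, return a signed ticket or None."""
    stored = USERS.get(username)
    supplied = _pw_hash(password)
    if stored is None or not hmac.compare_digest(stored, supplied):
        return None
    now = time.time() if now is None else now
    body = json.dumps({"sub": username, "exp": now + TICKET_LIFETIME}).encode()
    return base64.urlsafe_b64encode(body).decode() + "." + _sign(body).decode()

def service_verify(ticket, now=None):
    """Application: verify the ticket, return the username or None."""
    try:
        b64, sig = ticket.split(".")
        body = base64.urlsafe_b64decode(b64)
        sig = sig.encode("ascii")
    except (ValueError, AttributeError):
        return None                      # malformed ticket
    if not hmac.compare_digest(sig, _sign(body)):
        return None                      # forged or altered ticket
    claims = json.loads(body)            # parsed only after the signature checks out
    now = time.time() if now is None else now
    if claims["exp"] < now:
        return None                      # expired ticket
    return claims["sub"]

if __name__ == "__main__":
    ticket = sso_login("alice", "correct horse")
    print("mail server sees:", service_verify(ticket))
    print("file server sees:", service_verify(ticket))
```

The same ticket is accepted by every service that holds the key, which is what makes the central server's credential check and key handling the critical control in this design.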


LDAP AUTHENTICATION TECHNOLOGY
Authentication is the process by which an entity provides proof that it is who it claims to be. This usually involves a username and a password, but can include any other method of demonstrating identity, such as a smart card or fingerprints. The Lightweight Directory Access Protocol (LDAP) has become the Internet standard for access to structured information, in particular information in the format of an X.500-like tree. To access the LDAP service, the LDAP client must first authenticate itself to the service. It must tell the LDAP server who is going to be accessing the data so that the server can decide what the client is allowed to see and do. If the client authenticates successfully to the LDAP server, then when the server subsequently receives a request from the client, it checks whether the client is allowed to perform the request. LDAP is the central source for authentication and user authorization.

Methodology
Choosing the right application development model helps ensure the success of an application development project. The methodology chosen to develop the Single Sign on Server Appliance is Reuse-Based Development. The Reuse-Based model consists of 4 phases: examining requirements and existing solutions, reconfiguring, requirement modification, and integrating.

· Examine requirements and identify a solution following the reuse plan

1. Specific objectives for the phase are identified, and the key risks are identified and analyzed to make sure they are reduced. The problem and the available solutions are studied, and a reuse plan and strategy are developed.

· Reconfiguring the solution or structure to improve reuse

1. This stage involves developing the system based on the latest Linux technology and integrating it into a single interface.

2. This phase involves developing the server using the Linux CentOS 4.2 OS together with Webmin version 1.510 Red Hat Enterprise 4.2.

· Requirement modification

1. Modify the system according to the user and system requirements.

2. Meet the allocated requirements.

3. In this process, the server needs to be integrated with the Lightweight Directory Access Protocol (LDAP), and all modules contained in this server need to be grouped under this authentication method based on the domain name “sox.com”.

· Integrating the reused and any developed components into the product

1. After we create a system based on the user and system requirements, we go to the next stage, the implementation part, which involves installing and deploying it. After we finish developing the system, we test it before passing it to the user to make sure that it meets the requirements and achieves the goals and objectives. If there is a problem, we try to re-design or re-implement the system. This step involves setting up servers, including the Sendmail email server, the Samba Windows file sharing server and the Apache web server, by using SSH secure transfer software.

Result

Using LDAP authentication, users can log in to the sox.com email server and the sox.com file server with the same username and password (stored on the main server). The objective has been achieved.

Conclusion

In general, it can be concluded that the development of a centralized SSO for the “Single Sign on Server Appliance” produces systematic password management. This application will hopefully help reduce users' password management needs by allowing them to access multiple applications while remembering just a single password. We will also try to define the different approaches used by other companies in developing a solution.

Copyright @ 15/04/11 by Mohd Zulkifli Bin Radzuan (51262208461)

All rights reserved for Single Sign On Server Appliance

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Special thanks for the technical support of the Linux CentOS Team, Alan Bartlett, Pchaff, Niki, A. Syeridan, Capten and everybody involved in developing my server. May God bless you all.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~