Single Sign On (SSO)

A system that lets users access multiple services with a single login.

SSO (Single Sign On) is the most basic authentication system. It was developed with the goal of "all authentication in one system". In other words, no matter how many systems there are, once authentication succeeds on one of them, access rights to all the other systems are obtained as well.

On SK Telecom's affiliated sites, users can access the services with a single password, without registering separately for each one. Use of this kind of web-based SSO is increasing every year because it lets the operator gather information about subscribers' internet usage more effectively. From a personal information protection standpoint, however, there are many concerns, so the positions of companies and individuals can be seen as opposed.

The biggest weakness of SSO is that once the initial authentication has been passed, every server or site can be accessed. This is called a Single Point of Failure. To compensate for this critical weakness, continuous authentication (Continuous Authentication) is required when accessing or operating on important information.
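The following is an added example, not part of the original page, sketching how a gateway behind SSO can ask for re-authentication on sensitive resources instead of trusting the initial login everywhere. The policy table, paths, `Session` fields and `decide` function are hypothetical names chosen for illustration.

```python
import posixpath
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional

# Hypothetical policy: (path pattern, factors required, max seconds since last login).
# First match wins; max_age None means the SSO session lifetime alone is enough.
POLICY = [
    ("/admin/*", 2, 300),
    ("/billing/*", 2, 900),
    ("/profile/password", 1, 300),
    ("/*", 1, None),
]

@dataclass
class Session:
    user: str
    factors: int      # factors verified at the last authentication
    auth_time: float  # epoch seconds of the last successful authentication
    expires: float    # epoch seconds at which the SSO session ends

def decide(session: Optional[Session], path: str, now: float) -> str:
    """Return 'allow', 'login', 'step_up' or 'reauth' for one request."""
    if session is None or now >= session.expires:
        return "login"
    # Normalize first so '/mail/../admin/x' or '//admin/x' cannot dodge a rule.
    path = "/" + posixpath.normpath(path).lstrip("/")
    for pattern, factors, max_age in POLICY:
        if fnmatchcase(path, pattern):
            if session.factors < factors:
                return "step_up"   # valid session, but too weak for this resource
            if max_age is not None and now - session.auth_time > max_age:
                return "reauth"    # valid session, but the login is too old
            return "allow"
    return "login"  # default deny when no rule matches

if __name__ == "__main__":
    now = 10_000.0  # constructed timestamps
    old = Session("alice", factors=1, auth_time=now - 3600, expires=now + 3600)
    for p in ("/mail/inbox", "/admin/users", "/profile/password"):
        print(p, "->", decide(old, p, now))
```

With this check in place, a session obtained through the single initial login still reaches ordinary services, but requests for the sensitive paths are sent back for a fresh or stronger authentication.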

Open Source

Keycloak

Example

Authelia

Features

  • Several kinds of second factor:
  • Password reset with identity verification using email confirmation.
  • Single-factor only authentication method available.
  • Access restriction after too many authentication attempts.
  • Fine-grained access control per subdomain, user, resource and network.
  • Support of basic authentication for endpoints protected by single factor.
  • Highly available using a remote database and Redis as a highly available KV store.
  • Compatible with Kubernetes ingress-nginx controller out of the box.

Hydra
