JagNet SSO (Single Sign-On)

SSO logo



JagNet SSO (Single Sign-On) builds on top of JagNet Authentication. Not all web services using JagNet are SSO, but all JagNet SSO services use JagNet Authentication.

What SSO does for you

Once you log into any JagNet SSO service through a Login page (either Student Login or Faculty and Staff Login), you will not need to provide a password again to use other JagNet SSO services for the duration of the browser session.

What protective steps should I take when using SSO?

  • Ensure that your JagNet password is unique - do not use it anywhere else.
  • When using publicly accessible computers - in fact, when using any computer on which you do not have a unique, personal login or security code - be sure to close any browser sessions once you are done. Even that may not be enough; you may need to clear out browser memory or take other steps. The public facility you are using should have guidance on steps to remove your personal data.
  • Finally, but of equal importance, take advantage of multi-factor authentication (aka 2-step, 2-factor, dual factor, etc.) wherever it is available. This provides the best protection of your data in the event of a compromised password. Here is a link for applying this to JagMail: JagMail 2-Factor Authentication

Is this really secure?

Paradoxically, SSO actually improves security over a bunch of separate passwords on different servers.

  • None of these web services stores your password. You are not providing your password to these servers at all:  you provide your password to our SSO processor, which communicates behind the scenes with the web service you are accessing to authenticate you.
  • Because the password exchange only occurs between your browser session and our SSO processor, we can ensure that adequate security controls and encrypted communication channels are used.
  • You can quickly change your password if you have reason to believe it has been compromised (these days, this is most likely because someone fell prey to a "phishing" scheme and simply gave the password away).
  • In fact, the SSO processor itself does not have possession of your password. It simply asks our separate back-end directory system to confirm the password you provided. Even in the directory system, your password is not stored in a retrievable, human-readable form; we save it in a non-reversible encrypted format generated whenever you set or change it (for those interested in details, it's a Secure Salted Hash with a random salt). So we can't retrieve your actual password even if we want to, but our directory system can take the password you offered the SSO processor, push it through a one-way numerical hash, and see if the results match.
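
The check described in the last bullet, as an added example that is not JagNet's own code. It assumes PBKDF2-HMAC-SHA256 as the one-way hash because the page does not name the directory's algorithm; the function names, iteration count and record layout are illustrative.

```python
import hashlib
import hmac
import os

# Assumed parameters for this sketch; the page does not state them.
ITERATIONS = 600_000
SALT_BYTES = 16


def set_password(password: str) -> dict:
    """On set or change: draw a fresh random salt, store only salt + hash."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "hash": digest}


def verify_password(record: dict, offered: str) -> bool:
    """Directory side: re-hash the offered password with the stored salt."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", offered.encode("utf-8"), record["salt"], record["iterations"]
    )
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(candidate, record["hash"])


# Throwaway record so unknown accounts cost the same hashing work as real ones.
DUMMY = set_password(os.urandom(16).hex())


def sso_login(directory: dict, username: str, offered: str) -> bool:
    """SSO-processor side: ask the directory to confirm, retain nothing."""
    record = directory.get(username)
    if record is None:
        verify_password(DUMMY, offered)
        return False
    return verify_password(record, offered)


if __name__ == "__main__":
    # Constructed sample account and password, for illustration only.
    directory = {"jdoe": set_password("correct horse battery staple")}
    print(sso_login(directory, "jdoe", "correct horse battery staple"))
    print(sso_login(directory, "jdoe", "Password1"))
```

Because the salt is random each time, setting the same password twice produces two different stored records, so identical passwords cannot be spotted by comparing hashes.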