gSSO

gSSO or ‘glib-Single-Sign-On’ is an extensible, secure storage and a single sign-on service for Linux-based platforms. Its password and authentication management supports all the common authentication protocols, like OAuth, Digest and SASL out of the box. gSSO is extensible, based on a plug-in architecture.

gSSO is a low-level middleware component that interfaces with the platform's security features and the network. Its system components are described in this chapter.

[Figure: gSSO UML diagram]

signon-glib

signon-glib provides a glib-based client API for applications. Objects are cached locally and remote objects are created on demand.

Three major classes are used to represent the object model:

  • The AuthService class represents the highest-level service view towards the service daemon.
  • The Identity class represents a credential object on the service daemon side, either a stored item or a non-stored temporary one.
  • The AuthSession class represents an authentication session. A session is an instantiation of a plug-in object.

There are also three major data model classes:

  • IdentityInfo is a model of a credential and related metadata.
  • SessionData is an extensible model of data needed to perform an operation on an AuthSession.
  • SecurityContext is a 2-tuple of a platform security identifier and an application context identifier.

signon-ui

signon-ui is a user interface dialog service for displaying various authentication and authorization dialogs. The design and implementation of this component usually depend on the product family and form factor. signon-ui uses a separate protected interface with gsignond.

gsignond

gsignond is the central daemon providing a D-Bus service to client applications. A glib-based plug-in API is provided for integrating new authentication methods. Each plug-in runs as a separate process, and the plug-in API makes this completely transparent from the method implementation's point of view. An extension API is used to create suitable platform adaptations. Each extension is intended to provide adaptation to a certain platform or configuration.

gsignond-secret-storage

gsignond-secret-storage provides a default database implementation for storing secrets. This implementation is based on the SQLite database.

gsignond-ac-manager

gsignond-ac-manager is responsible for verifying the caller’s access rights to the request, based on the platform security rule set. The base class implements a no-op access control manager. In addition, on Tizen, a SMACK-based access control manager is provided.

gsignond-storage-manager

gsignond-storage-manager is responsible for managing the underlying storage for the gsignond-secret-storage database. The base class implements basic file system access based on the XDG standard. In addition, on Tizen, file system access to ecryptfs-based encrypted storage is provided.

gsignond-plugin-digest

gsignond-plugin-digest implements RFC 2617 standard HTTP DIGEST authentication. All necessary digests are generated without exposing credentials to the requesting application.
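The following is an added example, not gSSO code: it models the trust boundary described above, where the daemon side holds the secret, checks the caller's SecurityContext, and hands back only the RFC 2617 digest response. The store layout, function names and the context values are assumptions made for illustration; the credentials and challenge are the example values from RFC 2617 section 3.5.

```python
import hashlib
from typing import NamedTuple


class SecurityContext(NamedTuple):
    system_ctx: str  # platform security identifier (for example a SMACK label)
    app_ctx: str     # application context identifier


# Constructed sample store (hypothetical layout): identity id -> credential
# and the set of callers allowed to use it. Credentials are the RFC 2617
# section 3.5 example values; the context values are made up.
_STORE = {
    1: {
        "username": "Mufasa",
        "secret": "Circle Of Life",
        "acl": {SecurityContext("browser-label", "example-app")},
    }
}


def _md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(identity_id, caller, realm, nonce, method, uri,
                    nc, cnonce, qop="auth"):
    """Daemon side: compute the RFC 2617 response for a stored identity.

    The caller supplies only the server challenge and request parameters.
    The secret and HA1 (a password equivalent) never leave this function.
    """
    ident = _STORE.get(identity_id)
    # Same error for "unknown identity" and "not allowed", so a caller
    # cannot probe which identity ids exist.
    if ident is None or caller not in ident["acl"]:
        raise PermissionError("caller is not allowed to use this identity")
    if qop != "auth":
        raise ValueError("only qop=auth is handled in this example")
    ha1 = _md5_hex(f"{ident['username']}:{realm}:{ident['secret']}")
    ha2 = _md5_hex(f"{method}:{uri}")
    response = _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    # Only the fields the application needs for its Authorization header.
    return {"username": ident["username"], "response": response}
```

The returned response is bound to one nonce, method and URI, so an application that obtains it cannot reuse it to answer a different challenge.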

gsignond-plugin-sasl

gsignond-plugin-sasl implements the RFC 4422 standard SASL authentication method and the most used standard mechanisms.

gsignond-plugin-oauth

gsignond-plugin-oauth implements both RFC 5849 standard OAuth 1.0 and RFC 6749 standard OAuth 2.0 methods. This plug-in, together with the framework, acts as a user agent, as described in the standards.

gsignond-plugin-x509

gsignond-plugin-x509 handles various operations and queries for X.509 certificates, as specified by RFC 5280 and RFC 6818. These operations are performed without exposing the related keys to the requesting application.
