gSSO, or ‘glib-Single-Sign-On’, is an extensible secure storage and single sign-on service for Linux-based platforms. Its password and authentication management supports all the common authentication protocols, such as OAuth, Digest and SASL, out of the box. gSSO is extensible, based on a plug-in architecture.

gSSO is a middleware component; at its lower boundary it interfaces with the platform security features and the network. The system components are described in this chapter.

gSSO UML diagram


signon-glib provides a glib-based client API for applications. Objects are cached locally and remote objects are created on demand.

Three major classes are used to represent the object model:

  • The AuthService class represents the highest-level service view towards the service daemon.
  • The Identity class represents a credential object on the service daemon side, either a stored item or a non-stored temporary item.
  • The AuthSession class represents an authentication session. A session is an instantiation of a plug-in object.

There are also three major data model classes:

  • IdentityInfo is a model of a credential and related metadata.
  • SessionData is an extensible model of data needed to perform an operation on an AuthSession.
  • SecurityContext is a 2-tuple of a platform security identifier and an application context identifier.


signon-ui is a user interface dialog service for displaying various authentication and authorization dialogs. The design and implementation of this component usually depend on the product family and form factor. signon-ui communicates with gsignond over a separate, protected interface.


gsignond is the central daemon providing a D-Bus service towards client applications. A glib-based plug-in API is provided for integrating new methods. Each plug-in runs as a separate process, and the plug-in API makes this completely transparent from the method implementation's point of view. An extension API is used to create suitable platform adaptations. Each extension is intended to provide an adaptation to a certain platform or configuration.


gsignond-secret-storage provides a default database implementation for storing secrets. This implementation is based on the SQLite database.


gsignond-ac-manager is responsible for verifying the caller’s access rights to the request, based on the platform security rule set. The base class implements a no-op access control manager. In addition, on Tizen, a SMACK-based access control manager is provided.


gsignond-storage-manager is responsible for managing the underlying storage for the gsignond-secret-storage database. The base class implements basic file system access based on the XDG standard. In addition, on Tizen, encrypted storage file system access based on ecryptfs is provided.


gsignond-plugin-digest implements standard HTTP Digest authentication as specified in RFC 2617. All necessary digests are generated without exposing credentials to the requesting application.
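
The property described for the digest plug-in, sketched as an added example (not gSSO code and not its API): a hypothetical `DigestService` stands in for the daemon side, holds the password, and hands the caller only the RFC 2617 reply fields. The challenge values are those of the worked example in RFC 2617, section 3.5.

```python
import hashlib
import secrets


def _md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


class DigestService:
    """Hypothetical stand-in for the daemon side; the only holder of passwords."""

    def __init__(self):
        self._identities = {}  # identity id -> (username, password)

    def store_identity(self, identity_id, username, password):
        self._identities[identity_id] = (username, password)

    def respond(self, identity_id, challenge, method, uri, cnonce=None, nc=1):
        """Answer an RFC 2617 challenge (algorithm=MD5, qop=auth)."""
        offered = [q.strip() for q in challenge.get("qop", "").split(",")]
        if challenge.get("algorithm", "MD5") != "MD5" or "auth" not in offered:
            raise ValueError("only algorithm=MD5 with qop=auth is handled here")
        username, password = self._identities[identity_id]
        cnonce = cnonce or secrets.token_hex(8)
        nc_hex = f"{nc:08x}"
        ha1 = _md5_hex(f"{username}:{challenge['realm']}:{password}")
        ha2 = _md5_hex(f"{method}:{uri}")
        response = _md5_hex(
            f"{ha1}:{challenge['nonce']}:{nc_hex}:{cnonce}:auth:{ha2}")
        # Only fields that go on the wire leave this object; the password
        # and HA1 (a password equivalent for this realm) never do.
        return {"username": username, "realm": challenge["realm"],
                "nonce": challenge["nonce"], "uri": uri, "qop": "auth",
                "nc": nc_hex, "cnonce": cnonce, "response": response}


def demo():
    # Values from the worked example in RFC 2617, section 3.5.
    service = DigestService()
    service.store_identity(1, "Mufasa", "Circle Of Life")
    challenge = {"realm": "testrealm@host.com", "qop": "auth,auth-int",
                 "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093"}
    # The application passes the challenge and receives only the reply.
    return service.respond(1, challenge, "GET", "/dir/index.html",
                           cnonce="0a4f113b")


if __name__ == "__main__":
    print(demo()["response"])
```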


gsignond-plugin-sasl implements the standard SASL authentication method specified in RFC 4422, along with the most used standard mechanisms.


gsignond-plugin-oauth implements both standard OAuth methods: OAuth 1.0 (RFC 5849) and OAuth 2.0 (RFC 6749). This plug-in, together with the framework, acts as a user agent, as described in the standards.


gsignond-plugin-x509 handles various operations and queries for X.509 certificates, as specified by RFC 5280 and RFC 6818. These operations are performed without exposing the related keys to the requesting application.