When you are implementing a Single-Sign-On Solution (SSO), one of the features that the vendor might provide is the Windows Desktop SSO.

The Windows Desktop SSO authentication module is a Kerberos-based authentication plug-in module targeted for Windows desktop users.

In order to perform Kerberos-based single sign-on to SSO, the user on the client side must support the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) protocol.

The Windows Desktop SSO provides an authentication solution that allows Windows clients to use a browser like Firefox or Microsoft Internet Explorer (IE) to access resources on the Network protected by SSO without having to reauthenticate.

This means that users with a browser can access resources protected by SSO without having to reenter their username and password. The user need only login once to the Windows domain, as is typically done when logging in to Windows on a desktop workstation.

Usually the Windows Desktop SSO implementation involves two pieces:

o Simple and Protected GSS-API Negotiation Mechanism (SPNEGO)
o Kerberos authentication

The SPNEGO protocol mechanism enables SSO to negotiate with the browser to establish the authentication mechanism to use. The browser supplies Kerberos authentication information. SSO knows how to use the user’s Kerberos authentication information when processing a user request to access resources protected by SSO

You can check the next link (OpenSSO – Authentication: Windows DesktopSSO ) to see how Windows Desktop SSO is configure in OpenSSO.

[snap url=”http://blog.eknittel.com/2009/03/02/opensso-authn-wdtsso/” alt=”Windows Desktop SSO” w=”200″ h=”300″ link=”on” title=”Windows Desktop SSO”]