Single Sign-On Operating System Authentication

For ISVs, Architects, Developers, and Project Managers…

DataDirect Technologies understands that secure data exchange is critical to business systems that must maintain information security. As the data connectivity experts, we incorporate industry-standard security features, including Single Sign-On operating system authentication, into our entire DataDirect Connect line of high-performance data access middleware. That is also why we hired Internet Security Advisors Group (ISAG) to conduct an independent audit of the security features in DataDirect Connect.

Ira Winkler, founder of ISAG and well-known security expert, wrote the report, which documents his assessment and establishes the need for security features as an integral part of database drivers and providers. The report also provides important information if you’re looking to implement Single Sign-On (SSO) or data encryption.

Read the security report now, or call us at 1-800-876-3101 to speak with an expert about your data connectivity needs. You can also submit a Request for Information form and an account executive will contact you.

Scroll down this page to get more details about the Single Sign-On operating system authentication features in DataDirect Connect products.

DataDirect’s operating system (OS) authentication features let DataDirect Connect drivers integrate seamlessly into a Kerberos-based authentication mechanism. This lets your organization, or your customers’ organizations, include database access in a Single Sign-On (SSO) environment that:

  • Bolsters system security
  • Eliminates the need for users to log in separately for each application
  • Reduces the costs associated with managing user accounts

Data and applications are typically deployed in heterogeneous environments. Rights management for applications must address the fact that data often spans a wide variety of applications, firewalls, operating systems, database management systems, etc. Implementing rights management can be extremely difficult without an integrated Identity Management framework. The Identity Management implementation in DataDirect Connect products relies on the de facto industry standard Kerberos, available on most platforms, which establishes identity at logon.

An authenticated user who starts a business application is not prompted for a user ID/password, since the application (via the Kerberos protocol) uses OS-based network facilities to determine the validated network user name. The application, database server, and the Key Distribution Center (KDC) running on LDAP interact using the Kerberos protocol to authenticate the user. Such integrated authentication eliminates the need for multiple user IDs, logins, and account databases, and replaces the transmission of such authentication data with hardened, Kerberized credentials.

The table shown here highlights the benefits of an application environment that leverages integrated authentication:

| Multiple Sign-On | Integrated Authentication | Benefit |
|---|---|---|
| User IDs and passwords are sent across the network. | Authentication is enabled via shared secrets / encryption; a password is never sent across the network. | Eliminates security vulnerabilities such as packet sniffing and router logging used to capture passwords. |
| Multiple User IDs and System IDs required. | Single User ID and elimination of System IDs. | Reduces usability issues while strengthening security by not requiring users to write down and keep user ID/password information. |
| Duplicates user information in multiple account databases. | Single, centrally managed store of user account credentials. | Lowers management costs and provides better security by allowing for rapid and comprehensive changes to and/or removal of a user’s credentials. |
| Database activity logged with generic System ID. | Database activity identified by User ID (delegated credentials). | Better audit accuracy assists compliance efforts. |

For an organization to successfully implement Single Sign-On across the enterprise, all components must be able to participate. DataDirect provides the most consistent Kerberos-enabled data access middleware implementation on the market. DataDirect Connect products also offer many features that are not readily available or are even unique in the middleware market.

| Feature | Description | Benefit |
|---|---|---|
| Delegation of Credentials | DataDirect provides the ability to delegate the user credential through the programs involved in the application stack. | Allows the application to authenticate the real user rather than an administrative ID, which is less secure and obscures database activity. |
| Reauthentication | DataDirect Connect provides the ability to re-associate a pooled connection with a different authenticated user. | Applications that use connection pooling can more efficiently re-use connections while minimizing the number of connections required in the pool. |
| True Type 4 JDBC support | DataDirect provides the only (patent-pending) JDBC drivers on the market that support Windows authentication while remaining pure Type 4 JDBC drivers. | Offers a choice of implementing a pure Java authentication that is not dependent on extraneous Windows components that need to be installed and maintained. |

To learn more:

The Internet Security Advisors Group (ISAG), an international information security firm specializing in security assessment, conducted a review of the architecture and functionality of the DataDirect Connect products. Read their report to get a deeper understanding of the technologies involved and DataDirect’s implementation of them.

Heard enough? Ready to try our products? Visit the download page for a free 15-day trial.

If you’d prefer to speak with an expert about your data connectivity needs, call 1-800-876-3101 or submit a Request for Information form and an account executive will contact you.


Copyright © 1993 - 2008. Progress Software Corporation. All rights reserved. | N. America: 800 876 3101 | World: +44 (0) 1753 218 930