What is the Challenge?
A leading Insurance Company approached Realized Solutions about implementing a new payment system. For utilizing this new system, the API calls and requests a required SSO Token to verify the identity of adding PII information through the payment system as an iframe. The challenge of implementing Single Sign-On (SSO) token encryption lies in ensuring the secure transmission and storage of the authentication token used to facilitate seamless user access across multiple applications or services within an ecosystem. SSO is a mechanism that allows users to log in once and gain access to various interconnected systems without the need to re-enter their credentials for each application.
What is the Solution?
To implement the token encryption, many challenges must be overcome, the top of the list being Secure Key management. To encrypt and decrypt the SSO token, a secure encryption key must be used. Ensuring the confidentiality and availability of the encryption key is crucial. If the key is compromised, attackers could decrypt the tokens and gain unauthorized access. Therefore, the storing and use of this key is vital to functioning security. Our keys are stored in secure encrypted locations that are only accessible with verifiable credentials.
Once the key is secured, next was to determine the best encryption algorithm to use. Selecting a robust and widely accepted encryption algorithm is extremely important. We used a Rijndael cipher with various paddings, buffers, and modes to ensure the encrypted token is properly obfuscated. The Rijndael cipher is resistant to known attacks and offers sufficient cryptographic strength to protect the token’s content.
Once the token along with the request are properly encrypted, they are sent to the integration site and the user’s information is verified before displaying to the user in the web pages iframe location. To ensure the users can be returned back to their account page, a post back URL must be provided to ensure the user’s tokenized payment information was sent and successfully stored in the payment system.
What is the Result?
Overall, successful implementation of SSO token encryption required careful consideration of these challenges to provide a secure and user-friendly authentication experience within the SSO ecosystem. All the token encrypting and passing between systems happens behind the scenes so that the user can have a seamless experience throughout.
