Realized was approached by one of their clients regarding implementing a new payment system. To utilize the new system, the API calls and requests a Single Sign On (SSO) token to verify Identity for adding PII information through the payment system as an iframe. The challenge of implementing an SSO token encryption lies in ensuring the secure transmission and storage of the authentication token used to facilitate seamless user access across multiple applications or services within an ecosystem. SSO is a mechanism allowing users to log in once and gain access to various interconnected systems without the need to re-enter their credentials for each application.
To implement the token encryption, many challenges need to be overcome and at the top of the list is Secure Key management. To encrypt and decrypt the SSO token, a secure encryption key must be used. Ensuring the confidentiality and availability of the encryption key is crucial. If the key is compromised, attackers could decrypt the tokens and gain unauthorized access. Therefore, the storing and use of this key is vital to functioning security. Our keys are stored in secure encrypted locations that are only accessible with verifiable credentials.
Now that the key is secured, the next step is to determine the best encryption algorithm to use. Selecting a robust and widely accepted encryption algorithm is extremely important. RSI used a Rijndael cipher with various paddings, buffers, and modes to ensure the encrypted token is properly obfuscated. The Rijndael cipher is resistant to known attacks and offers sufficient cryptographic strength to protect the token’s content.
Once the token along with the request are properly encrypted, it is sent to the integration site and the user’s information is verified before displaying to the user in the web page’s iframe location. To ensure that the users can be returned to their account page, a postback URL must be provided to ensure the user’s tokenized payment information was sent and successfully stored in the payment system.
Overall, successful implementation of SSO token encryption required careful consideration of these challenges to provide a secure and user-friendly authentication experience within the SSO ecosystem. All the token encrypting and passing between systems happens behind the scenes so that the user can have a seamless experience throughout