{"id":2571,"date":"2025-08-04T12:22:43","date_gmt":"2025-08-04T12:22:43","guid":{"rendered":"https:\/\/www.devopsconsulting.in\/blog\/?p=2571"},"modified":"2025-08-04T12:22:44","modified_gmt":"2025-08-04T12:22:44","slug":"architecture-for-the-single-sign-on-sso-and-centralized-authorization-system","status":"publish","type":"post","link":"https:\/\/www.devopsconsulting.in\/blog\/architecture-for-the-single-sign-on-sso-and-centralized-authorization-system\/","title":{"rendered":"Architecture for the Single Sign-On (SSO) and centralized authorization system"},"content":{"rendered":"\n<p>\u00a0Here is a breakdown of the architecture for the Single Sign-On (SSO) and centralized authorization system for\u00a0<code>HolidayLandmark.com<\/code>.<\/p>\n\n\n\n<p>This architecture is designed to be a&nbsp;<strong>decoupled, centralized identity management system<\/strong>. It separates the responsibility of user authentication and authorization from your individual applications, which simplifies management, enhances security, and provides a seamless experience for your users.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Core Architectural Components<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"682\" src=\"https:\/\/www.devopsconsulting.in\/blog\/wp-content\/uploads\/2025\/08\/image-1024x682.png\" alt=\"\" class=\"wp-image-2572\" srcset=\"https:\/\/www.devopsconsulting.in\/blog\/wp-content\/uploads\/2025\/08\/image-1024x682.png 1024w, https:\/\/www.devopsconsulting.in\/blog\/wp-content\/uploads\/2025\/08\/image-300x200.png 300w, https:\/\/www.devopsconsulting.in\/blog\/wp-content\/uploads\/2025\/08\/image-768x512.png 768w, https:\/\/www.devopsconsulting.in\/blog\/wp-content\/uploads\/2025\/08\/image.png 1223w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>The architecture consists of three main parts<a rel=\"noreferrer noopener\" target=\"_blank\" 
href=\"https:\/\/www.linkedin.com\/pulse\/understanding-single-sign-on-sso-architecture-indra-nand-jha\"><\/a>:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Identity Provider (IdP):<\/strong>\u00a0This is the central hub of your authentication system<a href=\"https:\/\/dev.to\/karanpratapsingh\/system-design-single-sign-on-sso-2cdb\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a>.\u00a0It handles all user logins, manages user identities (usernames, passwords, profiles), and issues security tokens. For your\u00a0<code>HolidayLandmark.com<\/code>\u00a0ecosystem, this would be a single, dedicated service.<\/li>\n\n\n\n<li><strong>Service Providers (SPs):<\/strong>\u00a0These are your individual applications that need to authenticate users<a href=\"https:\/\/www.fortinet.com\/resources\/cyberglossary\/single-sign-on\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a>.\u00a0In your case, these are:\n<ul class=\"wp-block-list\">\n<li><code>HolidayLandmark.com<\/code>\u00a0(Laravel Dashboard)<\/li>\n\n\n\n<li><code>HolidayLandmark.com\/trips<\/code>\u00a0(Eventmie Laravel)<\/li>\n\n\n\n<li><code>HolidayLandmark.com\/events<\/code>\u00a0(Eventmie Laravel)<\/li>\n\n\n\n<li><code>HolidayLandmark.com\/blogs<\/code>\u00a0(WordPress)<\/li>\n\n\n\n<li><code>HolidayLandmark.com\/forum<\/code>\u00a0(Flarum Laravel)<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>User&#8217;s Browser:<\/strong>\u00a0The user&#8217;s web browser acts as the intermediary, passing messages and redirection requests between the Service Providers and the Identity Provider.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">The Authentication and Authorization Flow<\/h2>\n\n\n\n<p>Here is a step-by-step walkthrough of how a user logs in and accesses your applications within this architecture<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/www.geeksforgeeks.org\/system-design\/single-sign-on-in-microservice-architecture\/\"><\/a><a rel=\"noreferrer noopener\" target=\"_blank\" 
href=\"https:\/\/aws.amazon.com\/what-is\/sso\/\"><\/a>:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Initial Access Attempt:<\/strong>\n<ul class=\"wp-block-list\">\n<li>A user navigates to one of your applications, for instance,\u00a0<code>HolidayLandmark.com\/trips<\/code>.<\/li>\n\n\n\n<li>The &#8220;Trips&#8221; application checks if the user is already logged in. Since it&#8217;s their first visit, they are not authenticated.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Redirection to the Identity Provider (IdP):<\/strong>\n<ul class=\"wp-block-list\">\n<li>The &#8220;Trips&#8221; application (the SP) does not show its own login form. Instead, it redirects the user\u2019s browser to your central\u00a0<strong>Identity Provider (IdP)<\/strong>.<\/li>\n\n\n\n<li>This redirection includes a request for authentication, identifying that the request originated from the &#8220;Trips&#8221; application.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>User Authentication at the IdP:<\/strong>\n<ul class=\"wp-block-list\">\n<li>The user sees the IdP&#8217;s login page and enters their single set of credentials (e.g., email and password).<\/li>\n\n\n\n<li>The IdP verifies these credentials against its central user database.<\/li>\n\n\n\n<li>The IdP also performs any necessary multi-factor authentication (MFA) at this stage.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Token Generation and Redirection Back to the SP:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Upon successful authentication, the IdP generates a\u00a0<strong>JSON Web Token (JWT)<\/strong>. 
This token is a secure, digitally signed package of information that includes:\n<ul class=\"wp-block-list\">\n<li>User identity (e.g., user ID, email).<\/li>\n\n\n\n<li>Authorization information (e.g., user roles like\u00a0<code>Admin<\/code>,\u00a0<code>Editor<\/code>\u00a0from your RBAC setup).<\/li>\n\n\n\n<li>An expiration time for the session.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>The IdP then redirects the user&#8217;s browser back to the &#8220;Trips&#8221; application, including this JWT in the response.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>SP Validates the Token and Grants Access:<\/strong>\n<ul class=\"wp-block-list\">\n<li>The &#8220;Trips&#8221; application receives the JWT. It validates the token&#8217;s digital signature to ensure it came from the trusted IdP and has not been tampered with.<\/li>\n\n\n\n<li>Once validated, the application establishes a session for the user and grants them access. The application can now use the roles inside the token to enforce permissions (e.g., allowing an\u00a0<code>Admin<\/code>\u00a0to access a special dashboard).<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Seamless Access to Other Applications:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Now, the user decides to visit the blog at\u00a0<code>HolidayLandmark.com\/blogs<\/code>.<\/li>\n\n\n\n<li>The WordPress blog (another SP) will also redirect the user to the IdP for authentication.<\/li>\n\n\n\n<li>However, the IdP recognizes that the user already has an active session and is authenticated.<\/li>\n\n\n\n<li>Instead of asking for a password again, the IdP immediately generates a new JWT for the WordPress application and sends the user back.<\/li>\n\n\n\n<li>The WordPress application validates this new token and logs the user in instantly, without any user interaction.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<p>This entire process happens seamlessly in the background, providing the user with a true single sign-on experience across all of your web 
properties.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u00a0Here is a breakdown of the architecture for the Single Sign-On (SSO) and centralized authorization system for\u00a0HolidayLandmark.com. This architecture is [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2571","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Architecture for the Single Sign-On (SSO) and centralized authorization system - DevOps Consulting<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.devopsconsulting.in\/blog\/architecture-for-the-single-sign-on-sso-and-centralized-authorization-system\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Architecture for the Single Sign-On (SSO) and centralized authorization system - DevOps Consulting\" \/>\n<meta property=\"og:description\" content=\"\u00a0Here is a breakdown of the architecture for the Single Sign-On (SSO) and centralized authorization system for\u00a0HolidayLandmark.com. 
This architecture is [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.devopsconsulting.in\/blog\/architecture-for-the-single-sign-on-sso-and-centralized-authorization-system\/\" \/>\n<meta property=\"og:site_name\" content=\"DevOps Consulting\" \/>\n<meta property=\"article:published_time\" content=\"2025-08-04T12:22:43+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-08-04T12:22:44+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.devopsconsulting.in\/blog\/wp-content\/uploads\/2025\/08\/image-1024x682.png\" \/>\n<meta name=\"author\" content=\"Abhishek Singh\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Abhishek Singh\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.devopsconsulting.in\/blog\/architecture-for-the-single-sign-on-sso-and-centralized-authorization-system\/\",\"url\":\"https:\/\/www.devopsconsulting.in\/blog\/architecture-for-the-single-sign-on-sso-and-centralized-authorization-system\/\",\"name\":\"Architecture for the Single Sign-On (SSO) and centralized authorization system - DevOps 
Consulting\",\"isPartOf\":{\"@id\":\"https:\/\/www.devopsconsulting.in\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.devopsconsulting.in\/blog\/architecture-for-the-single-sign-on-sso-and-centralized-authorization-system\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.devopsconsulting.in\/blog\/architecture-for-the-single-sign-on-sso-and-centralized-authorization-system\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.devopsconsulting.in\/blog\/wp-content\/uploads\/2025\/08\/image-1024x682.png\",\"datePublished\":\"2025-08-04T12:22:43+00:00\",\"dateModified\":\"2025-08-04T12:22:44+00:00\",\"author\":{\"@id\":\"https:\/\/www.devopsconsulting.in\/blog\/#\/schema\/person\/fc397ba8be42f9fdd53450edfc73006f\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.devopsconsulting.in\/blog\/architecture-for-the-single-sign-on-sso-and-centralized-authorization-system\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.devopsconsulting.in\/blog\/architecture-for-the-single-sign-on-sso-and-centralized-authorization-system\/#primaryimage\",\"url\":\"https:\/\/www.devopsconsulting.in\/blog\/wp-content\/uploads\/2025\/08\/image.png\",\"contentUrl\":\"https:\/\/www.devopsconsulting.in\/blog\/wp-content\/uploads\/2025\/08\/image.png\",\"width\":1223,\"height\":815},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.devopsconsulting.in\/blog\/#website\",\"url\":\"https:\/\/www.devopsconsulting.in\/blog\/\",\"name\":\"DevOps Consulting\",\"description\":\"DevOps Consulting | SRE Consulting | DevSecOps Consulting | MLOps 
Consulting\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.devopsconsulting.in\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.devopsconsulting.in\/blog\/#\/schema\/person\/fc397ba8be42f9fdd53450edfc73006f\",\"name\":\"Abhishek Singh\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.devopsconsulting.in\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/790feefe779852cdf344ca7318bf6c13832223c9b3c6bf4d217658412041026d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/790feefe779852cdf344ca7318bf6c13832223c9b3c6bf4d217658412041026d?s=96&d=mm&r=g\",\"caption\":\"Abhishek Singh\"},\"description\":\"I\u2019m Abhishek, a DevOps, SRE, DevSecOps, and Cloud expert with a passion for sharing knowledge and real-world experiences. I\u2019ve had the opportunity to work with Cotocus and continue to contribute to multiple platforms where I share insights across different domains: \u2022 DevOps School \u2013 Tech blogs and tutorials \u2022 Holiday Landmark \u2013 Travel stories and guides \u2022 Stocks Mantra \u2013 Stock market strategies and tips \u2022 My Medic Plus \u2013 Health and fitness guidance \u2022 TrueReviewNow \u2013 Honest product reviews \u2022 Wizbrand \u2013 SEO and digital tools for businesses I\u2019m also exploring the fascinating world of Quantum Computing.\",\"url\":\"https:\/\/www.devopsconsulting.in\/blog\/author\/abhishek\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->"}