Keyshield SSO

Single SiGn ON Solution

Daily and often repeated authentication into many information systems bother users and causes considerable financial losses. The need to maintain and use multiple user names and passwords leads to a reduction in safety and causes further costs. With KeyShield SSO, an instant SSO Solution, a user needs to authenticate only once, to eDirectory, Active Directory or LDAP. Any other IS, portal, proxy, self-developed or simply client/server solution can share user identity via various interfaces of KeyShield SSO. Your developer can integrate KeyShield SSO within one working day. Your administrator can deploy server and clients within one working day as well.
Odoo image and text block

What is KeyShield SSO?

KeyShield SSO is a real SSO solution which detects and provides the identity of network users based on their authentication to eDirectory, Active Directory or LDAP (via KeyShield SSO client). Once a user is authenticated, KeyShield SSO verifies his/her identity and keeps the information about the IP address and full name of the user (see figure left). If the user then tries to connect to some information system, the identity is checked by querying KeyShield SSO based on IP address. If the user is known, no further authentication is required. This approach is more effective and safer than the way it works for example with an Internet browser that stores names and passwords, which have been used for authentication.

So-called yellow message functionality can deliver prompts to the screens of logged-in users. Such a message is hard to miss and does not go away until the user accepts it. The addressee of the message can be a specific user or a whole subnet. This function is especially suitable for sending information about network maintenance, etc.

Deployment In a working day

KeyShield SSO server is pure JAVA application which needs nothing more than JVM on Linux or Windows and an LDAP interface of eDirectory, Active Directory or LDAP. The whole installation is completed in less than a minute thanks to a comfortable installation script/MSI package. KeyShield SSO client for Windows workstations is provided as an MSI package and can be deployed manually or automatically by a solution like ZENworks. The Linux client is available in form of RPM and DEB package. The Android client is available thru Google Play market. Mac, iPad and iPhone clients are available through the Apple AppStore.

Integration In a working day

Virtually any application can be integrated with KeyShield SSO. KeyShield SSO provides HTML REST interface, a comfortable API library for "unique user ID" and maintenance of the NetworkAddress LDAP attribute as well as interactive administrator interface. Full integration is provided for CAS from JASIG and for the Security module of popular Spring framework. If your application is using Spring Security, such as the Liferay portal, the integration is included already.


Users do not have to remember dozens of usernames and passwords, so do not endanger security by writing them on pieces of paper stuck to their monitors. It is not necessary to synchronise the login data between systems with different levels of security and threaten the security by leakage from the less secure systems. No further waste of time and money – users can access network systems instantly, manual authentication is not necessary, nor is the updating of multiple systems when regular updates of passwords occur.