SSO Architecture Patterns
RCCE students will learn single sign-on architecture, implementation, and security including SAML 2.0, OpenID Connect, Kerberos, federation protocols, and SSO session management. RCCE students will learn to design SSO architectures that balance user convenience with security, configure identity providers and service providers for SAML-based SSO, implement OIDC-based SSO for modern applications, troubleshoot SSO authentication failures, secure SSO sessions against hijacking and replay attacks, audit SSO configurations for misconfigurations, and respond to incidents involving SSO compromise including golden SAML attacks and session token theft. This architecture course teaches secure system design using proven patterns, guardrails, and reference architectures. Building on core knowledge, RCCE students will learn to evaluate design options against security requirements, make informed trade-off decisions, and build systems that are resilient by design. Students gain the architectural thinking skills needed for security engineering and solution design roles.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing SSO Architecture Patterns
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for single authentication
- Execute hands-on tasks for token propagation
- Execute hands-on tasks for session continuity
- Execute hands-on tasks for security trade-offs — covering Reduced password fatigue and credential sprawl.
- Execute hands-on tasks for lower it helpdesk costs (fewer resets) — covering Single point of failure — IdP breach = all apps.
- Explain SSO Architecture Overview fundamentals
- Integrate privilege controls with identity providers and SIEM telemetry
- Execute hands-on tasks for auth query
- Execute hands-on tasks for user agent (browser / app) — covering Issues SAML assertions / OIDC, Consumes tokens from IdP.
| Module 01 | SSO Architecture |
| Module 02 | Single Authentication |
| Module 03 | Token Propagation |
| Module 04 | Session Continuity |
| Module 05 | Security Trade-offs |
| Module 06 | Lower IT helpdesk costs (fewer resets) |
| Module 07 | SSO Architecture Overview |
| Module 08 | Provider (SP) |
| Module 09 | Auth Query |
| Module 10 | Identity Provider (IdP) |
| Module 11 | Service Provider (SP) |
| Module 12 | User Agent (Browser / App) |
| Module 13 | Examples: Okta, Azure AD, Ping, ADFS |
| Module 14 | Examples: Salesforce, AWS, GitHub |
All hands-on labs run on Rocheston Rose X OS. Students practice sso architecture patterns by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Design a scalable privilege management architecture with policy and enforcement
- Lab 2: Execute hands-on tasks for single authentication
- Lab 3: Execute hands-on tasks for token propagation
- Lab 4: Execute hands-on tasks for session continuity
- Lab 5: Execute hands-on tasks for security trade-offs
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for SSO Architecture Patterns, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI