Information Security

Understanding Single Sign-On (SSO): Principles, Process, and Application Scenarios

This article explains the fundamentals, architecture, workflow, and practical scenarios of Single Sign-On (SSO), illustrating how a centralized authentication server enables users to log in once and seamlessly access multiple trusted applications, while also offering resources for deeper study.

Mike Chen's Internet Architecture

Hello, I’m mikechen, with over ten years of BAT architecture experience, sharing knowledge about Single Sign-On (SSO).

Single Sign-On, often abbreviated as SSO, is an authentication method that allows a user to log in once and then access multiple mutually trusted applications without re‑entering credentials.

In plain terms, after you log into one subsystem of Alibaba, you no longer need to repeat the login process for other systems such as Tmall or Taobao.

SSO relies on a centralized authentication server that verifies the user's credentials, keeps the user's global login state (usually as a cookie scoped to the authentication server's domain), and issues authentication tokens to the applications, either an opaque ticket that the application validates back at the server, or a signed token such as a JWT that the application can verify locally. The applications never handle the password themselves; they trust only tokens the central server issued.

The typical workflow consists of the following five steps:

1. The user accesses a protected application (e.g., Application A).

2. Application A finds no local session for the user and redirects the browser to the centralized authentication server, passing its own identity so the server knows which application requested the login.

3. The authentication server validates the user's credentials and, on success, records the global login state; on failure it returns an error page and the flow stops.

4. On success, the server creates a unique ticket/token for this user and this application and sends it back to Application A through the browser (a redirect to Application A's callback address).

5. Application A verifies the token (by asking the authentication server to validate it, or by checking its signature and expiry if it is a JWT), creates its own local session for the user, and grants access to its resources.

The ticket should be short-lived, single-use, and bound to the application it was issued for; otherwise a ticket captured in transit or in browser history can be replayed, or presented to a different application. What makes the login "single" is the state recorded in step 3: when the user later visits Application B, steps 1 and 2 repeat, but the authentication server recognizes its existing login cookie and issues a new ticket for Application B without prompting for credentials again. Through these five steps, the user enjoys a seamless experience across multiple trusted systems.
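The five steps above, carried through as a runnable simulation. This is an added example, not code from the original article: it models the central server with opaque, server-validated tickets (the CAS-style variant of the flow rather than JWTs), and the user store, application names and ticket lifetime are constructed for the example. It shows both sides of the exchange and exercises the failure modes the text warns about: a replayed ticket, a ticket presented to the wrong application, a forged ticket, and an expired one.

```python
import hashlib
import hmac
import secrets
import time


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user store for the example: username -> (salt, PBKDF2 hash).
# A real store uses a random salt per user.
_SALT = b"example-salt"
USERS = {"alice": (_SALT, _hash_password("correct horse", _SALT))}


class AuthServer:
    """Central SSO server: checks credentials, holds the global login state,
    and issues short-lived, single-use, application-bound tickets."""

    def __init__(self, users, ticket_ttl=60, clock=time.time):
        self._users = users
        self._clock = clock            # injectable so expiry can be tested
        self._ttl = ticket_ttl
        self._sso_sessions = {}        # sso cookie -> username
        self._tickets = {}             # ticket -> (username, service, expires_at)

    def login(self, username, password):
        """Step 3: validate credentials. Returns an SSO cookie, or None."""
        rec = self._users.get(username)
        if rec is None:
            return None
        salt, stored = rec
        if not hmac.compare_digest(stored, _hash_password(password, salt)):
            return None
        cookie = secrets.token_urlsafe(32)
        self._sso_sessions[cookie] = username   # global login state
        return cookie

    def issue_ticket(self, sso_cookie, service):
        """Step 4: for an already logged-in user, mint a ticket bound to
        exactly one application. No password prompt is needed here, which
        is what makes the second application's login 'single'."""
        username = self._sso_sessions.get(sso_cookie)
        if username is None:
            return None
        ticket = "ST-" + secrets.token_urlsafe(32)
        self._tickets[ticket] = (username, service, self._clock() + self._ttl)
        return ticket

    def validate_ticket(self, ticket, service):
        """Step 5 (server side): consume the ticket exactly once and check
        that it was issued for the calling application and has not expired."""
        rec = self._tickets.pop(ticket, None)   # pop => single use
        if rec is None:
            return None
        username, bound_service, expires_at = rec
        if bound_service != service or self._clock() > expires_at:
            return None
        return username


class Application:
    """A relying application such as Application A in the text."""

    def __init__(self, name, auth_server):
        self.name = name
        self._auth = auth_server
        self._sessions = {}            # local app session -> username

    def access(self, app_session=None, ticket=None):
        """Returns ('ok', username, session) when access is granted,
        ('redirect', None, None) when the user must go to the SSO server,
        or ('denied', None, None) when a presented ticket is rejected."""
        if app_session in self._sessions:
            return ("ok", self._sessions[app_session], app_session)
        if ticket is None:
            return ("redirect", None, None)       # steps 1-2
        username = self._auth.validate_ticket(ticket, self.name)
        if username is None:
            return ("denied", None, None)
        session = secrets.token_urlsafe(32)      # step 5: local session
        self._sessions[session] = username
        return ("ok", username, session)


def run_flow():
    """Walk the five steps across two applications and return the outcomes."""
    auth = AuthServer(USERS)
    app_a, app_b = Application("app-a", auth), Application("app-b", auth)
    r = {}
    r["first_visit"] = app_a.access()[0]                      # redirect
    r["bad_login"] = auth.login("alice", "wrong")             # None
    sso = auth.login("alice", "correct horse")
    ticket = auth.issue_ticket(sso, "app-a")
    status, user, session = app_a.access(ticket=ticket)
    r["first_access"] = (status, user)                        # ok, alice
    r["repeat_access"] = app_a.access(app_session=session)[0] # ok
    r["replay"] = app_a.access(ticket=ticket)[0]              # denied
    r["wrong_service"] = app_a.access(ticket=auth.issue_ticket(sso, "app-b"))[0]
    r["second_app"] = app_b.access(ticket=auth.issue_ticket(sso, "app-b"))[0]
    r["forged"] = app_a.access(ticket="ST-forged")[0]         # denied
    return r


if __name__ == "__main__":
    print(run_flow())
```

The replay and wrong-service cases fail because `validate_ticket` removes the ticket on first use and compares the bound application name; expiry is enforced against the injected clock, so a ticket older than `ticket_ttl` seconds is rejected even if it was never used.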

Typical application scenarios include:

Enterprise internal systems such as HRMS, ERP, CRM, where repeated logins would hinder productivity.

External internet platforms like e‑commerce sites (e.g., Taobao, Tmall), allowing users to switch between services without additional logins.

The main benefits are an improved user experience, higher operational efficiency, and a single place to enforce password policy, multi-factor authentication, and account lockout, since no individual application handles credentials.

Additionally, the author offers a comprehensive collection of Alibaba architecture topics and the most complete set of Java interview questions with answers. Readers can obtain these resources by following the public account “mikechen’s Internet Architecture” and replying with the keyword “合集”.

For those interested in the full Java interview guide covering Java, multithreading, JVM, Spring, MySQL, Redis, middleware, etc., a link is provided in the article.

Tags: Access Control, authentication, Information Security, SSO, Single Sign-On
Written by

Mike Chen's Internet Architecture

Over ten years of BAT architecture experience, shared generously!
