Wednesday, April 13, 2016

Mistaking Kerberos as Single Sign On

End users in the corporate world often mistake the Kerberos authentication mechanism for Single Sign-On (SSO). Kerberos authentication provides seamless sign-on to (web) applications by using the Kerberos ticket generated or refreshed during the user's authentication to the network (when the user first logs in to the computer).

For example, if web applications AppX and AppY are both configured for Kerberos authentication, the user will see no credential challenge when the two apps are opened in two different tabs of the same browser. This gives the impression of SSO between AppX and AppY.

SSO functionality is much broader in any on-premises Enterprise SSO infrastructure such as OAM, SiteMinder or ForgeRock. The Kerberos mechanism is just one of several authentication schemes available in the SSO server. Other authentication schemes, such as Form Authentication, can also provide single sign-on between two different web apps: in a web-agent based SSO architecture, the SSO server generates a secure cookie when the user first logs in through the form, and the agents in front of each app accept that cookie instead of challenging again.
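To make the web-agent flow concrete, here is an added illustration (not code from this post, nor the cookie format of OAM, SiteMinder or ForgeRock): a hypothetical SSO server mints an HMAC-signed session cookie after a successful form login, and the agents in front of AppX and AppY validate the same cookie, so neither app challenges the user again. The shared secret, cookie name and user store are constructed values for the example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed shared secret between the SSO server and its web agents
# (a real deployment provisions this out of band, never in source).
SSO_SECRET = b"constructed-demo-secret-not-for-production"
COOKIE_NAME = "SSOSESSION"  # hypothetical cookie name for this example


def sso_server_form_login(username: str, password: str, now: float, ttl: int = 3600) -> Optional[str]:
    """SSO server side: check the form credentials, then mint a signed cookie value."""
    users = {"alice": "correct horse battery staple"}  # constructed user store
    if users.get(username) != password:
        return None  # form login failed, no cookie is issued
    claims = {"sub": username, "iat": int(now), "exp": int(now) + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    sig = hmac.new(SSO_SECRET, body.encode(), hashlib.sha256).hexdigest()
    # The browser should receive this with Secure and HttpOnly flags set.
    return f"{body}.{sig}"


def web_agent_authenticate(app_name: str, cookie: Optional[str], now: float) -> dict:
    """Web agent in front of AppX/AppY: serve on a valid SSO cookie, else send to the form."""
    if not cookie or "." not in cookie:
        return {"app": app_name, "action": "redirect_to_sso_form", "reason": "no cookie"}
    body, sig = cookie.rsplit(".", 1)
    expected = hmac.new(SSO_SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return {"app": app_name, "action": "redirect_to_sso_form", "reason": "bad signature"}
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now >= claims["exp"]:
        return {"app": app_name, "action": "redirect_to_sso_form", "reason": "expired"}
    return {"app": app_name, "action": "serve", "user": claims["sub"]}


if __name__ == "__main__":
    now = time.time()
    cookie = sso_server_form_login("alice", "correct horse battery staple", now)
    # One form login, two apps, no second challenge: this is the SSO the post describes.
    print(web_agent_authenticate("AppX", cookie, now + 10))
    print(web_agent_authenticate("AppY", cookie, now + 10))
    print(web_agent_authenticate("AppX", cookie + "0", now + 10))  # tampered cookie
```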