Daily and often repeated authentication into many information systems bothers users and causes considerable financial losses. The need to maintain and use multiple user names and passwords leads to a reduction in safety and causes further costs. With KeyShield SSO, Instant SSO Solution, user needs to authenticate only once, to eDirectory, Active Directory or LDAP. Any other IS, portal, proxy, self developed or simply client/server solution can share user identity via various interfaces of KeyShield SSO. Your developer can integrate KeyShield SSO within one working day. Your administrator can deploy server and clients within one working day as well.

What is KeyShield SSO?

KeyShield SSO is a real SSO solution which detects and provides the identity of network users based on their authentication to eDirectory, Active Directory or LDAP (via KeyShield SSO client). Once a user is authenticated, KeyShield SSO verifies his/her identity and keeps the information about the IP address and full name of the user (see figure below). If the user then tries to connect to some information system, the identity is checked by querying KeyShield SSO based on IP address. If the user is known, no further authentication is required. This approach is more effective and safer than the way it works for example with an Internet browser that stores names and passwords, which have been used for authentication.


Deployment within a working day

KeyShield SSO server is pure JAVA application which needs nothing more than JVM on Linux or Windows and LDAP interface of eDirectory, Active Directory or LDAP. Whole installation is completed in less than a minute thanks to a comfortable installation script/MSI package. KeyShield SSO client for Windows workstations is provided as a MSI package and can be deployed manually or automatically by solution like ZENworks. Linux client is available in form of RPM and DEB package. Android client is available thru Google Play market. Mac, iPad and iPhone clients are available thru Apple AppStore.

SSO integration within a working day

Virtually any application can be integrated with KeyShield SSO. KeyShield SSO provides HTML REST interface, comfortable API library for „unique user ID“ and maintenance of NetworkAddress LDAP attribute as well as interactive administrator interface. Full integration is provided for CAS from JASIG and for Security module of popular Spring framework. If your application is using Spring Security, like LifeRay portal, the integration is included already.


Users do not have to remember dozens of usernames and passwords, so do not endanger security by writing them on pieces of paper stuck to your monitor. It is not necessary to synchronize the login data between systems with different levels of security and threaten the security by leakage from the less secure systems. No further waste of time and money – users can access network systems instantly, authentication is not necessary as well as regular maintenance of usernames and passwords.

Licensing policy

KeyShield SSO is licensed only by the number of user devices. Please note – Terminal Server session with virtualized IP address is handled like a device. Number of applications and systems that you integrate with KeyShield SSO is unlimited. Integration support is provided for some widespread systems directly by us or in collaboration with their respective suppliers (see list of integrated technologies).