Emulerad single sign-on

Sammanfattning: The goal of the project was to create an extension to Internet Explorer forStatens Tjänstepensionsverk (SPV) which would give the staff the experience ofSingle sign-on (SSO) to external web service providers as well as manage andupdate their passwords in a secure manner. The survey focused on the providersPalasso, ProCompetence and Wera. The extension was created as a BrowserHelper Object (BHO) with C# in .NET. The solution was implemented as aCOM object in a DLL-file that was running in-process with the browser. Theprogram used a locally stored XML file containing URLs, usernames andencrypted passwords to the providers. When a user came to a login page theprogram collected the HTML elements on the page and populated them withdata from the file and logged in the user. Encryption and decryption was solvedwith a symmetric key that was stored in the program. In the XML file was alsothe date for the latest update of the password. If one month had passed, theprogram either gave the user an indication that the password needed to beupdated, or updated it automatically with a new generated password, dependingon the provider. The conclusion was that the extension worked as planned butthat there were improvements to be made regarding the possibility to add newsites to the system. The project also included an analysis of alternative optionsto solve the problem using JavaScript, Add-in Express, or via a portal page. Theconclusion was that none of these were an equally powerful tool as a BHO.