摘要
With the proliferation of online services and applications,adopting Single Sign-On(SSO)mechanisms has become increasingly prevalent.SSO enables users to authenticate once and gain access to multiple services,eliminating the need to provide their credentials repeatedly.However,this convenience raises concerns about user security and privacy.The increasing reliance on SSO and its potential risks make it imperative to comprehensively review the various SSO security and privacy threats,identify gaps in existing systems,and explore effective mitigation solutions.This need motivated the first systematic literature review(SLR)of SSO security and privacy,conducted in this paper.The SLR is performed based on rigorous structured research methodology with specific inclusion/exclusion criteria and focuses specifically on the Web environment.Furthermore,it encompasses a meticulous examination and thematic synthesis of 88 relevant publications selected out of 2315 journal articles and conference/proceeding papers published between 2017 and 2024 from reputable academic databases.The SLR highlights critical security and privacy threats relating to SSO systems,reveals significant gaps in existing countermeasures,and emphasizes the need for more comprehensive protection mechanisms.The findings of this SLR will serve as an invaluable resource for scientists and developers interested in enhancing the security and privacy preservation of SSO and designing more efficient and robust SSO systems,thus contributing to the development of the authentication technologies field.
