Investigating Root Causes of Authentication Failures Using a SAML and OIDC Observatory

Jim Basney, Phuong Cao, Terry Fleury

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Authentication is the most critical gatekeeper to the web applications that scientists use to carry out collaborative research. While authentication rarely fails, the impact of failures is huge, and root causes are not well understood. This paper analyzes the root causes of authentication failures from a production authentication system called CIL-ogon, an ideal observatory to monitor authentication issues in a distributed identity federation. CILogon is used by 250+ identity providers and 150+ web applications while acting as a proxy to bridge different single sign-on protocols (OIDC and SAML). Our data on authentication is unique because it is: i) longitudinal (over thirty months), ii) realistic (8,000+ active users), and iii) large-scale (nearly three thousand failures out of 447,428 successful authentications). Our finding is surprising: OIDC has about double the failure rate compared to SAML, which contrasts with our prior belief that SAML is much more complex than OIDC. Our most impactful contribution is a fault tree of error types that quickly finds and mitigates the root cause of authentication errors.

Original languageEnglish (US)
Title of host publicationProceedings - 2020 IEEE 6th International Conference on Dependability in Sensor, Cloud and Big Data Systems and Application, DependSys 2020
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages119-126
Number of pages8
ISBN (Electronic)9781728176512
DOIs
StatePublished - Dec 2020
Externally publishedYes
Event6th IEEE International Conference on Dependability in Sensor, Cloud and Big Data Systems and Application, DependSys 2020 - Virtual, Nadi, Fiji
Duration: Dec 14 2020Dec 16 2020

Publication series

NameProceedings - 2020 IEEE 6th International Conference on Dependability in Sensor, Cloud and Big Data Systems and Application, DependSys 2020

Conference

Conference6th IEEE International Conference on Dependability in Sensor, Cloud and Big Data Systems and Application, DependSys 2020
Country/TerritoryFiji
CityVirtual, Nadi
Period12/14/2012/16/20

Keywords

  • Authentication
  • distributed systems
  • error analysis
  • error handling and recovery

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Computer Science Applications
  • Information Systems
  • Signal Processing
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
  • Instrumentation

Fingerprint

Dive into the research topics of 'Investigating Root Causes of Authentication Failures Using a SAML and OIDC Observatory'. Together they form a unique fingerprint.

Cite this