NIST SPECIAL PUBLICATION 1800-13
Mobile Application Single Sign-On:
Improving Authentication for Public Safety First Responders
Includes Executive Summary (A); Approach, Architecture, and Security Characteristics (B); and How-To Guides (C)
William Fisher
Paul Grassi*
William C. Barker
Spike E. Dog
Santos Jha
William Kim
Taylor McCorkill*
Joseph Portner*
Mark Russell*
Sudhi Umarji
*Former employee; all work for this publication was done while at employer.
FINAL
The first and second drafts of this publication are available free of charge from
https://www.nccoe.nist.gov/library/mobile-application-single-sign-nist-sp-1800-13-practice-guide
William Fisher
Paul Grassi*
Applied Cybersecurity Division
Information Technology Laboratory
Spike E. Dog
Santos Jha
William Kim*
Taylor McCorkill*
Joseph Portner*
Mark Russell*
Sudhi Umarji
The MITRE Corporation
McLean, Virginia
William C. Barker
Dakota Consulting
Silver Spring, Maryland
August 2021
U.S. Department of Commerce
Gina M. Raimondo, Secretary
National Institute of Standards and Technology
James K. Olthoff, Performing the Non-Exclusive Functions and Duties of the Under Secretary of Commerce for Standards and Technology & Director, National Institute of Standards and Technology
- 1 Summary
- 2 How to Use This Guide
- 3 Approach
- 4 Architecture
- 5 Security Characteristic Analysis
- Appendix A Mapping to Cybersecurity Framework Core
- Appendix B Assumptions Underlying the Build
- Appendix C Architectural Considerations for the Mobile Application Single Sign-On Build
- Appendix D Acronyms
- Appendix E References
- 1 Introduction
- 2 How to Install and Configure the Mobile Device
  - 2.1 Platform and System Requirements
  - 2.2 How to Install and Configure the Mobile Applications
  - 2.3 How Application Developers Must Integrate AppAuth for SSO
- 3 How to Install and Configure the OAuth 2 AS
  - 3.1 Platform and System Requirements
  - 3.2 How to Install the OAuth 2 AS
  - 3.3 How to Configure the OAuth 2 AS
  - 3.4 How to Configure the OAuth 2 AS for Authentication
- 4 How to Install and Configure the Identity Providers
- 5 How to Install and Configure the FIDO UAF Authentication Server
- 6 How to Install and Configure the FIDO U2F Authentication Server
- 7 Functional Tests
- Appendix A Abbreviations and Acronyms
- Appendix B References