Skip to content
AI Assistant: Your personalized ChatGPT advisor

Through the AI Assistant, we combine your company-specific data with the power of ChatGPT to creat a customized, intelligent chatbot for you.

Learn more
Sign contracts conveniently via smartphone

Swisscom makes electronic signatures suitable for the masses: With Swisscom Sign, the new feature in the My Swisscom app, contracts can be legally signed electronically. To qualify users for legally valid electronic signatures, Swisscom uses the online identification software from ti&m.

More about Swisscom Sign
Our customer VZ Depotbank is one of the most digitalized banks in Switzerland!

Thanks to ti&m Banking and ti&m Trading, VZ ranks third in the 2023 Digitalization Ranking of the Institute for Financial Services (IFZ) at the Lucerne University of Applied Sciences and Arts (HSLU)!

to Success Story
Out now: ti&m special «AI and innovation»


How do new technologies, open ecosystems and an innovative corporate culture drive innovation in Switzerland? Opinion leaders from various industries provide the answer in the new ti&m special «AI and innovation - More than just hot air»

Download our magazine for free now!
Out now: ti&m special «AI and innovation»


How do new technologies, open ecosystems and an innovative corporate culture drive innovation in Switzerland? Opinion leaders from various industries provide the answer in the new ti&m special «AI and innovation - More than just hot air»

Download our magazine for free now!
ti&m Coding Challenge for students: Take up the challenge!


For five months (starting from March 2024), we will be offering you a new challenge every month. Solve the puzzle, send the right answer, and you will be entered into our prize draw. With a bit of luck, you could win fun prizes from Jabra, Logitech, Galaxus, Raspberry Pi and more. Get stuck in and show off your skills!

Learn more
Services

Our industry expertise includes services in the AI, banking, insurance, public, transportation, e-government, retail and industry sectors.

Products

The ti&m digital banking suite is a modular financial technology platform to deliver fulfilling banking experiences in retail, corporate and private banking.

Industry Solutions

Our industry-specific solutions combine years of industry experience with technological expertise and can be tailored to meet your company's specific needs.

About us

Central information on ti&m: Key data, sites, values, executive board, customers, partners, and much more.

Insights

An insight into ti&m – you'll find everything you need to know here about events, academy, ti&m specials, downloads and press releases.

Career

Exciting roles on IT projects, extraordinary events and countless benefits all await you at ti&m. Apply now and surf with us!

How to use single sign-on as an authentication solution for microservices

Reliable user authentication and authorization is a key pillar of any application’s IT security. With monolithic systems, a simple login page and a session ID in a cookie is often enough to implement this securely and in a user-friendly way. However, in a modern microservices architecture, it’s not quite as easy.

This kind of architecture divides an application up into its core functions. The organization then implements and deploys these microservices independently. The microservices can communicate with each other via language-independent APIs. This makes individual services easy to implement. It also allows for short development cycles and means that it is possible to develop highly scalable and robust applications.

Diagram of a microservices architecture

Authentication in microservices

With a microservices architecture, users have to communicate with several systems instead of just one. They also need the right authorizations for several systems at the same time. Users shouldn’t have to authenticate themselves repeatedly, for example by having to enter a password for each system. A kind of single sign-on solution (SSO) is therefore needed for the individual microservices.

SSO in microservices

With an SSO solution, users authenticate themselves just once with a special system. Usually this system is called an authentication server. The authentication server verifies the user’s identity and generates a signed proof of it, otherwise known as a token. The user’s client application stores and uses the token. In a web application, this client application will be the browser, but it can also be a mobile or desktop application. The token is used to verify the user’s identity for individual services without any further authentication.

Today, the protocol OAuth 2.0 has become the de facto standard for communication between the authentication server and the client. It’s also worth mentioning OpenID Connect (OIDC), which builds on this protocol. OAuth 2.0 does not define the format of the token. However, many applications now use JSON Web Tokens (JWTs).

Stateless or stateful transfer

There are basically two ways to transfer the token from the client to the microservice: A stateless transfer sends the token with each HTTP request. Technically, this can be implemented with HTTP headers or cookies. A stateful transfer sends the token just once to each microservice. The microservice creates a user session, usually with the aid of a session cookie, and stores the token there. Any further communication with the microservice must then contain this session cookie.
With a stateless transfer, the microservice can authorize each request independently. This means that it is easier to implement microservices with stateless transfers. This is particularly advantageous for dynamically scaled applications, since instances of a microservice are easy to remove or add. However, if the application requires a large amount of user information, a certain overhead results with each request. A stateful transfer can reduce this overhead. So it’s crucial to take the specific needs of the application into account.

Using open-source solutions

Using standard protocols also means that you can use open-source solutions or other standard software. This is a great advantage, especially for security-related issues such as user authentication. High-quality and tested solutions are easily available to organizations that take this route. The open-source solution Keycloak deserves special mention here. It offers various authentication and social login methods. They include Bring Your Own Identity (BYOI). This means that users might log in with a Google or Facebook account, for example. Keycloak is also easy to extend and adapt. However, commercial products such as Okta or Microsoft’s Active Directory Federation Services (ADFS) also support OpenID Connect. On the client and server side, they also have implementations for all the major platforms.

ti&m security suite

The ti&m security suite offers user-friendly authentication that you can combine with a risk-based authentication approach. The company is the leading provider of this technology in Switzerland. ti&m secure mobile uses hardware-based security mechanisms to store cryptographic keys in the Trusted Platform Module on modern smartphones. This means it can offer secure yet user-friendly authentication. The ti&m security suite uses standard protocols such as OpenID Connect. This makes it easy to integrate into existing or new infrastructures. By contrast, independently developed security solutions (for example, using mobile transaction authentication numbers, or mTANs) are often error-prone. The ti&m security suite provides the ideal alternative here. It guarantees a strong and mobile authentication solution for modern multichannel platforms.

More links

Related Articles

Technology

Wie Roboter die digitale Transformation beschleunigen können

Mit Robotic Process Automation (RPA) können viele repetitive und zeitraubende einfache Tätigkeiten automatisiert werden. Wie der virtuelle Helfer eingesetzt wird und warum er auch für Ihre Firma interessant ist, erklärt Ihnen Reico Cannella in seinem Beitrag.

Reico Cannella - May 30, 2022

Special, Technology

From the hybrid cloud to the multi‑cloud – new opportunities for success

So. We have private clouds, public clouds and hybrid clouds. And now there’s even the multi‑cloud. Why? And what’s the difference?

Bernd Leinfelder - Jul 19, 2019

Technology

Kubernetes vs. OpenShift

What are the advantages and disadvantages of Kubernetes and OpenShift? ti&m surfer Bernd Leinfelder tackles this question in his blog post.

Bernd Leinfelder - Jul 10, 2019
Go Back to Overview