In a single sign-on architecture, what key requirement exists between domains?

In a single sign-on (SSO) architecture, a critical requirement between domains is that the secondary domain must trust the primary domain. This trust relationship is essential for the efficient operation of SSO because it allows users to authenticate once in the primary domain and then gain access to resources in the secondary domain without needing to log in again.

The trust implies that the secondary domain recognizes and accepts the authentication tokens or credentials issued by the primary domain. This eliminates the need for multiple logins, enhancing user convenience and overall security, as it centralizes authentication management. When one domain trusts another, it can safely assume that the authentication performed by the primary domain is valid and reliable, thereby streamlining access across domains.

In SSO implementations, if the secondary domain does not trust the primary domain, users would face friction in their experience, needing to authenticate separately for each domain, which goes against the core principle of SSO. Understanding this trust relationship is vital for designing robust and user-friendly SSO systems.