With application definitions published against OU, Group Policies, and User objects; where exactly is SSO data (application definitions and credentials) stored?
1. Application definitions, password policies and preferences specifically set on a user object are stored against the user object in Active Directory. They will only apply to that particular user and this configuration is rarely allowed by administrators in corporate deployments.
2. Although application definitions, password policies and preferences defined at the OU and Group Policy level are read and applied to the user (and appear in the cache for offline use), only credentials for these applications are stored against the user object. The actual application definitions etc. are not stored against each user object in the Directory.
Note: All SSO data appears in the offline cache in case the network is not available. Although the cache contains all data, user objects typically only contain user specific application definitions and/or preferences that are set on the user object.