| With the development of information progress, more and more application systems are applied in enterprises. When accessing to these systems, users have to log-in several times, which not only brings inconvenience to users, but also lower the security of system application. Single sign-on (SSO) makes users only need to be authenticated once, in other word, only need to log in once, users can access to network resources that are authorized for them.So far there are lots of products of SSO using different solutions and technologies, it is diffcult for enterprises to select the right products. Aim at this situation, this paper sorts and analyses several popular models of SSO. And through lots of researches and filter, it makes SSO system divide into system of based on C/S and based on B/S. Then the paper describes and analyses detailed their respective main protocols: (1) makes concretely analysis and research to Kerberos and CAS, which are both protocols of SSO based on C/S, and analyses their principles and advantages and disadvantages. In combination with the popular of USB hardware and the development of USB key technology in current, it makes an improvement to Kerberos, gives a two-factor authentication Kerberos that makes authentication applying USB and password combine. (2) Solutions based on B/S: Passport and Liberty by way of illustrations, also analyses their process, advantages and disadvantages. At last, the paper compares to these solutions of SSO from different views of function, security , application and so on. |