
Application Research Of Smart Card In SAML-based Single Sign-on Model

Posted on: 2008-05-09; Degree: Master; Type: Thesis
Country: China; Candidate: X Zhang
GTID: 2178360215458559; Subject: Cryptography
Abstract/Summary:
Single Sign-on, designed for both practicality and security, integrates the user sign-on and account management functions of different systems. In a Single Sign-on system, a user who accesses applications on multiple systems that require authentication signs on and authenticates only once, and can then enter any of those systems seamlessly without logging on again. At present, cross-domain Single Sign-on systems have several problems, such as the lack of uniform standards, an overly complicated flow and security deficiencies. There are several conventional methods of implementing a Single Sign-on system, but in recent years the approach based on the SAML standard has become more widely used. This thesis compares the advantages and disadvantages of three SAML-based Single Sign-on models and mainly strengthens the security of the simplified model among them. In this model, the storage and maintenance of the SAML token on the Client are handled by a smart card. In addition, the thesis presents a user identity authentication scheme that combines a password with a smart card for use in the simplified model.
Because a smart card is portable, plug and play, difficult to forge, cannot have its data read directly, and provides data storage and processing functions, using a smart card to implement user identity authentication and the storage and maintenance of the security token in the simplified model can enhance the security of the Single Sign-on system. To put the above theory into practice, the thesis designs the overall framework of the system according to the simplified Single Sign-on model and describes the design and implementation of each function module. It defines three entities, named the Client entity, the Identity Provider entity and the Service Provider entity, and mainly implements four functions: register, sign-on, log-on and password change. The last part of the thesis describes the implementation and testing of the program and discusses the shortcomings of the system and future research work.
Keywords/Search Tags:SAML, Single Sign-on, Smart Card, Identity Authentication, Token