Research On Web-based Single Sign-On System

With the development of internet technology and processing of interprise informatization constructing, application systems builded for enterprise are increasing. Those systems have security validation mechanism independently. Users' identity identification saved respectivly in each system can not tansfer with each other. In order to pass system authentication, users have to possess a set of user name and password for every systems, and commit own identity identification over again when enter diverse systems. Single sign-on is a more effective and secure network authentication mechanism, consequently the proess of visiting network resource is simplified. The main goals of this system are to administer the information so that the users are allowed into the system with one-time login,thereby guaranteeing the security of system and users' information.On the basis of analysis of advantages and shortcomings of applied Single sign-on system models that are popular in home and foreign countries,this article introduces a Single sign-on system that is more appropriate to different enviroments in enterprise. This system combines two of Single sign-on models—"Broker based Model" and "Agent Based Model" , making sure the high adaptability of system. This system whose kernel is single sign-on implenmented via Cookie and Ticket is built on Central Authentication Server and Proxy Server. It offers user anthentication interface to support anthentication of user identity. The system comprise two parts:server module and agent module. The server module finishes central authentication of user identity and distribution and validation of tickets. The agent module processes user requests, redirecting requests to server module depending on request parameter , complete interraction with servers. And, the system transfer the ticket encrypted with RSA form server to agent.This article first introduces concept of single sign-on, and current developments of single sign-on technology. And then states bottom techniques when implementing single sign-on. In succession,article detailedly demonstrates system architecture and concrete implement, discusses the advantages and shortages of this system. Finally, article values the devised system on security,enforceability, extendibility and performance.