Research And Implementation Of LDAP-based SSO Technolgy

With the development of corporation information and Internet technology, manycorporations have developed many kinds of application systems at different phases.These applications may be implemented based on different technologies, deployed atdifferent servers, and may use different developing languages, almost cross domains.These systems have their own authentication mechanisms. When corporations do EAIactions, these authentication mechanisms become a stumbling block of integration.Using many authentication mechanisms simultaneously increases the costs ofmanagement, and the work is becoming more and more difficult. With the increasingof systems which users need to login, the possibility of being captured illegally anddestroyed will enlarge, the safety will also be reduced. So, how to provide a kind ofquick and safe authentication and authorization solution has become one of the keyquestions in EAI.Many corporations and orgnizations research a lot about SSO to implementunited ID authentication and authorization in distributed curcumstance.The basicthought of SSO is to change complicated security strategy into SSO. In theframework of SSO, all security arithmetic is a booked point of indepent securityauthentication. It only needs sign on once when one user wants to visit differentsystems.The advantage of single sign on is obvious,but hard to implement. Currently,single sign on is a share mechanism of authentication information provided bymiddleware suppliers when they provided application sever cluster, and thesuppliers, such as IBM, Oracle, BEA, WebSphere, give their own sso solutions based ontheir products by the market pressure. There are some famouse open sourceimplementation of sso, such as CAS, developed by Yale.They only provide a way tosolve the problem based on theirselves or some solutions combined with thirdprduction,and bring developer and manager into a rather hard way in using,becausethey didn't think about the coming security integration request of cross application, middleware and platform when designed the security system.Some security productsdeveloped by their suppliers can partly make the security integration, but theconfigurations and applications of them are relatively complicated and immature.There has no universal and easily realizable SSO solution.To solve the problems discussed above, this thesis puts forward a universal SSOmodel with Web Services, JAAS and LDAP technologies, and implements theJWSSO component by the model. The JWSS0 component has advatages ofuniversality, crossing platform, easy expansibility and security authentication, and canbe applied to EAI easily.