| With the deepening of the informatization, nowadays it is very common that there are several kinds of web applications running within an enterprise. They are usually developed in different time and they have independent and different authentications and authorizations. An employee has several pairs of username and password. When they access these applications, they have to sign-on several times. This reduces the productivity and increases the hidden troubles in security. To promote the productivity and security, the Single Sign-on (SSO) technology appears. First, this paper studies the current technologies of SSO, Kerberos Protocol, the two system of SSO in the industry, SAML, and then provides two kinds of methods to implement two kinds of requirements of SSO in a special project. To meet the first normal SSO requirement, the Ticket policy is used and the method uses a random number and a timestamp of a single server to withstand replay attacks. This method is better than the corresponding method of Kerberos Protocol which requires the times of multi-system are the same. The second SSO requirement includes some level of Enterprise Application Integration, and to meet this kind of requirement, this pager provides a new method of one time-sign-on-agent. In this method, the Portal signs on the target servers as the agent of the client and after the data and the session ID was returned, the client will communicate with the target servers directly. And the performance is optimized through the Multi-Thread mode and creating a pool of HTTP Connections. And an Enterprise Portal-SSO system is designed and implemented with the two methods. In the last, the pager analyses the security, performance, level of coupling, extensibility and applicability of the system. |
PDF Full Text Request