Research And Implementation Of Single Sign On System In Tax Department

With the development of the network technology, the E-government network in TAX department is becoming more and bigger .If users log in a lot of systems in portal; they not only face many login interfaces, but also remember different user names and passwords. Each system has their own account management and distrusts each other. System administrator has to maintain the information of users, and guarantee the consistency of all data. It brings great difficulty to each systematic merger. As the increment of logins, the possibility of making mistakes, destroying illegally, being intercepted, being captured will increase and the security of systems will be reduced correspondingly. Considering the efficiency and security factors, an efficient and safe network authentication system, the SSO technology, is urgently needed. The SSO is a system that once the user successfully passes the identify authentication process;It can get access to the authorized resources without other identity authentication process.This dissertation focuses on a high security and adaptability Single Sign-On system. This system is based on authentication mechanism with LDAP protocol, uses slightly directory access standard protocol and distributed characteristic of directory service, organizes users' information and network resources in a logic tree, which distributed over all application systems. That simplifies communication between authentication center and application systems, and reduces the system's difficulty to realize. The directory service system makes the slightly directory access server as the core database of authentication management system, stores the user ID information,role and access control information. It provides the strategy management system, manages the whole users in the system, and executes the authentication server decided by the manager. Compared with distributed network system centered on database, this method of realizing is extendable and the management to centralize, flexible, and simplified achievement.This dissertation sets forth the design background of SSO System in TAX department, studies the software architecture and the architecture authentication server,LDAP server. This system is based on three-side identical Kerberos authentication protocol. A method integrating authentication mechanism named Kerberos with LDAP protocol is proposed. The paper mainly completed the design of authentication server, the data structure of authentication server and the design of message pattern, realized user unified authentication and authorization by the following five module: AS and TGS, data process, thread process and communication control. The system supports the mutual authentication, and greatly improves the coefficient of security. At the same time, it needs one-time identity authentication adopted single sign-on and acquires all authorized service by the transparent logon. The system centralizes the loose users by single sign-on technology, automates the user logon of the application service, and decreases the users' waiting time. At last, the system is tested and proved that it is operational in safety, credibility and execution.