| As informatization deepens, enterprises become increasingly dependent on computer information systems. Because B/S (browser/server) structured programs are easy to deploy and maintain, they are an important choice for enterprises building application systems. At present, a good part of application programs rely on accounts and passwords for authentication, and each time a user enters a system, an account and password must be supplied. As the number of internal enterprise application systems grows, employees who want to access resources in these systems have to log in and be authenticated repeatedly, which greatly reduces efficiency. In addition, each application system requires users to use a strong password, and changing and memorizing these passwords is a heavy burden on users, which creates certain information security risks for enterprises and employees. Single Sign-On (SSO) systems came into being against this background. Their main objective is that the user logs in only once and can then access all internal application systems. This paper carefully analyzes the features of the Internet/Intranet and of B/S structured programs, studies a number of authentication mechanisms, and finally puts forward GeneralWebSSO, a single sign-on model for the web environment, together with a method for realizing it. The model fully considers security and convenience in its design. It not only keeps the systems loosely coupled but also guarantees consistent authentication. Legacy systems can give up their former login systems and be conveniently integrated into SSO.
Furthermore, new systems do not need login systems of their own but depend on the SSO system to authenticate users. GeneralWebSSO has the following characteristics: 1) it is independent of the middleware and can run on the middleware currently popular on the market; 2) the ticket that contains the user's authentication information is stored on the server side, rather than in a cookie, which is stored on the client side; 3) it is very convenient for previously developed application systems to use this model, and few modifications are needed to implement single sign-on. |