
The Research And Implementation Of Unified Authentication And Authorization System Based On PKI

Posted on: 2009-12-05
Degree: Master
Type: Thesis
Country: China
Candidate: B Wu
Full Text: PDF
GTID: 2178360245954989
Subject: Computer application technology
Abstract/Summary:
With the continued development of information infrastructure, E-Government, an important condition for economic and social informatization, has developed rapidly. The E-Government inner portal, as the entry point for office work, integrates many Web application systems provided by various functional departments. These systems differ in their authentication and authorization modules, development platforms and deployment locations, which makes E-Government integration very difficult. A unified authentication and authorization system is urgently needed to implement centralized management of users and application services.

Based on an E-Government inner portal project, this thesis examines the current status of E-Government and, through analysis and research of authentication technology, the SSO (Single Sign On) model and access control mechanisms, designs a unified authentication and authorization system based on PKI. For authentication and session tracking, the system authenticates with a challenge/response method based on digital certificates and uses an encrypted cookie to track the session between the CAS (Center Authentication Server) and clients. For service authorization and access management, the CAS registers the applications in the E-Government inner portal and the services they provide, and manages them centrally. Based on the Kerberos broker model and role-based access control, the CAS creates a service ticket, which the client then uses to access the Web application system. Finally, the security of the designed system is briefly analyzed.

For the implementation, the system uses JavaEE (Java Enterprise Edition) as the development platform and builds the CA (Certification Authority) with an LDAP (Lightweight Directory Access Protocol) directory server, which stores the digital certificates and provides a query service for application server and client certificates in order to implement cross-certification between different CAS. The thesis then describes and implements the key functions. For system integration, existing application systems are rebuilt and integrated through redirection, and new application systems are integrated into the inner portal through secure Web Services for SSO and authorized access.

Through its design and implementation, the unified authentication and authorization system solves the problems that user information cannot be unified, authorization management is complex and resources are hard to share. It has practical significance for future E-Government construction.
Keywords/Search Tags: PKI, LDAP, SSO, Authentication, Authorization