
Design And Realization Of Unified Identity Authentication System Based On LDAP

Posted on: 2009-05-08
Degree: Master
Type: Thesis
Country: China
Candidate: L N Zuo
GTID: 2178360248956576
Subject: Computer application technology
Abstract/Summary:
With the rapid development of global informatization and Internet technology, the level of informatization construction has become an important measure of the comprehensive strength of a country or region. In the course of this construction, information security problems have become increasingly apparent, and identity authentication and single sign-on, as important aspects of network information security, are being applied ever more widely, so an easily managed and secure authentication system that supports multiple platforms and unifies various authentication methods is urgently needed. Based on the requirements of the Handan city resident card project, this paper introduces a unified identity authentication system. First, existing identity authentication mechanisms are described, with a focus on the Kerberos authentication mechanism. The advantages and disadvantages of the Kerberos protocol and the advantages of the ECC algorithm are analyzed, and an improved Kerberos unified security authentication solution is proposed. In this solution, the ECC algorithm is embedded into the Kerberos authentication process, and the improved protocol is offered to resolve the Kerberos problems of password-guessing attacks and replay attacks, thereby improving the security of the system. Second, the distributed properties of LDAP (Lightweight Directory Access Protocol) are used to organize user information distributed across different applications into a logical directory tree, and XML and SOAP technologies are adopted to implement data exchange between heterogeneous databases and to achieve centralized management of user information. This greatly simplifies communication between the various application systems and the authentication service center.
Finally, the unified identity authentication module is packaged as a web service using Web Services technology, so that it provides a unified interface to clients and integrates application systems effectively. On the basis of these studies, a unified identity authentication system framework based on LDAP is presented. The whole system is implemented on the Java platform. Each module of the system is relatively independent, which guarantees loose coupling. In addition, the system can be integrated easily, which lowers the cost of management. New application systems need not rely on their own authentication systems; they use the unified identity authentication system to complete the authentication and authorization of users, which reduces the development cycle and workload. As the unified identity authentication system is gradually perfected, it will play an important role in the information security system of the resident card and related fields, and network management will become more secure and effective.
Keywords/Search Tags: Unified Identity Authentication, LDAP, Kerberos, Web Services, Information security