The Achievement Of Single Sign-On System Based On United Directory System

Posted on: 2009-02-11
Degree: Master
Type: Thesis
Country: China
Candidate: X Q Zhang
GTID: 2178360272487095
Subject: Software engineering

Abstract/Summary:
As enterprise information systems have developed, many companies have built a variety of in-house application systems and office-support systems, and users hold their own digital ID in each of them. Because the systems were established at different times and are managed by multiple departments, one user may need to use many application systems, and that user's information ends up differing across them. Users must keep many passwords in order to log in to the different systems, which easily results in forgotten passwords and information leakage. In addition, when a user's information rights have to be changed synchronously in all related systems, there is a time lag and a waste of information resources. This paper implements a single sign-on system based on a united directory system. The system is built on the Lightweight Directory Access Protocol (LDAP) of the directory system, and a management platform for unified user information was established using J2EE technology. Users' attribute information from the application systems is stored centrally in the LDAP directory system, which provides unified, structured integration, management and services.
The united identity authentication system based on LDAP adopts a distributed directory information tree, taking advantage of the directory's ability to locate resource attributes rapidly, organizing and managing users' authentication information effectively, and offering efficient and safe directory access. The SAML protocol is used between the single sign-on portal and the various application systems, and user information is exchanged synchronously in token mode, so that users who work in many application systems do not have to log in repeatedly; this enhances system safety, efficiency and usability. In addition, multi-level united authorization is achieved by distributing and changing the authority of the various application systems and auditing how each authority is used, in order to prevent abuse of authority once information is shared and to standardize the construction of application systems.
Keywords/Search Tags:Identity authentication, Single sign-on, Lightweight Directory Access Protocol, United directory services