Research And Implementation Of Unified Identity Authentication Service Based On SAML

At the present stage,most of domestic universities continued to deepen the construction of digital campus,The University Resource Planning is becoming main concept of the informationalization in the university.Construction of digitalization was the phase of the system integration in past,it has got into the phase of the application integration at present.The main task of application integration stage is to build a digital campus information platform.In order to satisfy the need of the digitized campus information platform,it is very essential to build a kind of unified status authentication service that is"authenticating once,roaming whole net".The unified identity authentication technology is developing . At present , many international organizations and companies are focusing on researching in the field.Unified identity authentication system based on the SAML has the federated status authentication ability visiting inner domain or cross domain,moreover,it may satisfy exchanging of the status authentication information between heterogeneous system.In the paper,unified identity authentication system based on SAML was designed and implemented by detail researching on the existed solution and standard.The Browser/Artifact Profile was used in the system.User information is transferred fast and securely through back channel between Identity Provider(IDP) and Service Provider(SP).Single domain and cross domain federated identity authentication models were designed respectively by different user.Correlated modules of SAML server side and SAML client side were designed and developed in the article.Server side includes authentication dealing modules,token generating module,recourse accessing direction,requesting/responding module,information transfer module and security treating module.Client side includes SAML customer module,Artifact receiving module and access controlling module.To prevent from tampering in the process of information transfer,XML safety technology was implied to sign requesting/responding message and it insures the security of application level's data.User's identity information and resources information were stored and managed in LDAP directory services,and correlated modules of LDAP were designed. Taking campus net as the application background , the unified identity authentication platform based on the SAML was realized.The authentication system was demonstrated on different WEB application system.It is confirmed that the system is secure and feasible.In a word,the desired target of the paper was reached.