
Research On The Safety Of SSO In Web Service Environment

Posted on: 2010-09-13
Degree: Master
Type: Thesis
Country: China
Candidate: H Zhang
GTID: 2178360278970309
Subject: Computer application technology

Abstract/Summary:
With the development of Web services, a growing number of applications are integrated using Web service technology, and Web service security problems become more and more important. The characteristics of the Web service environment (loosely coupled, cross-domain, distributed, cross-platform) mean that traditional SSO no longer applies. Single sign-on authentication, as an important component of Web service security, is of great significance. Because traditional single sign-on is not suitable for Web services, this paper discusses the security of a SAML-based single sign-on system in a cross-domain Web service environment. Among Web service security mechanisms, the WS-Security specification is generally adopted to ensure end-to-end, message-layer security for Web services. On public consumer application sites, OpenID-based single sign-on is the more widely used. This paper compares SAML-based and OpenID-based single sign-on in terms of software architecture, system participants, working principle and applications, and concludes that SAML-based single sign-on is suitable for Web service environments with higher security requirements. Based on an analysis of Web service security requirements, it identifies three types of network attack on the SSO system: replay overload attack, DNS deception, and DDoS (distributed denial of service). It describes the theory behind these attacks and their potential risks, and analyzes the implementation process of each attack and specific preventive measures. It extends the security of the SAML protocol itself and at the same time puts forward comprehensive recommendations for a SAML-based single sign-on system: use strong authentication between clients and servers; enable the SAML assertion checking mechanism; maintain time synchronization between servers; modify the registry.
In this paper, Shibboleth is selected as the test platform to build a cross-domain SAML-based single sign-on experimental environment. Attack tests are used to analyze the security of the improved system. Through its comparison of SAML-based and OpenID-based single sign-on, its analysis of network attacks, its security extensions to the SAML protocol, and its improvements to the SAML-based single sign-on system, this paper has a certain significance for the study of the security of SAML-based single sign-on and authentication systems in the Web service environment.
Keywords/Search Tags: single sign-on, SAML, replay overload attack, DNS deception, distributed denial of service