Design And Realization Of Unified Identity Authentication System Based On LDAP

The level of information technology has become an important measurement of overall strength of a country or a region with the development of global informationization and internet technology.In the process of informationization, information security becomes increasingly prominent. Identity authentication and single sign-on technology, as an important aspect of information network security, has been used more and more widely. This requires an authentication system which supporting multiple platforms, using unified varies authentication methods, easy to manage, and secure. It is more and more important to establish a consistent, secure authentication service, to avoid the hassle of confusing information, to facilitate integrated management, and also to lighten the burden of maintenance and increase security.Traditional authentication methods transport information on the network based on explicit user name and password, which is easily to be attacked and obtained, and can result in destroy of the system resource. In the meantime, in the general systems, passwords are composed of characters and are not long enough. Though simple passwords are easily to be remembered, they are easy to be attacked, easily incur security threats to the system, and reduce the system's security level.The solution in this thesis is to integrate the resources of B/S based application systems and establish a unified authentication module for every individual application system. User Information is stored and accessed in LDAP Server in the unified authentication module to simplify the management of the User Information, Single Sign-On based on LDAP authentication is implemented by extend the CAS. Performance is enhanced by the adoption of Cache Technology in the system, Consistent Hashing Algorithm is used to store data in Cache to improve the success rate when access data in Cache. At the same time a Web Based management subsystem is developed using Struts and Sprint to manage User information and information of Application Systems and authentication of users is through the same way. For Load Balancing consideration, the solution here also designed and deployed a distributed LDAP server system, this improves the stability of the whole system.