A Design And Implementation Of Enterprise Class Single Sign-on System Based On Rule Of Role Conversion And JOSSO

Posted on: 2011-11-18
Degree: Master
Type: Thesis
Country: China
Candidate: X H Wang
GTID: 2178360305989202
Subject: Computer software and theory
Abstract/Summary:
As enterprise information technology and Internet technology have advanced, many enterprises have developed various types of Web applications for their business. These Web applications are mostly built with different technologies, may even use different development languages, and each has its own authentication mechanism for security. On the one hand, users who want to access multiple systems not only face multiple login interfaces but may also have to remember different user names and passwords. On the other hand, each system has its own account management, and the systems do not trust one another, so system administrators have to maintain user information in multiple systems to ensure data consistency. Single sign-on is the best choice for enterprises to solve this problem. Single sign-on builds a unified data access platform for the enterprise or institution that enables users to log in once and access multiple related applications: once a user has passed the security validation of one application, he or she no longer needs to log in again when accessing other applications.

This article describes the basics of single sign-on, such as the single sign-on process, classification, advantages and disadvantages, and then systematically expounds the Role-Based Access Control (RBAC) model, for example the RBAC96 and RBAC97 models. Then, in the fourth chapter, we describe the two single sign-on frameworks Central Authentication Service (CAS) and Java Open Single Sign-On (JOSSO), and we design a single sign-on system based on the JOSSO framework. Finally, I present an improvement to the original single sign-on system: using the Rule of Role Conversion, we convert basic roles into the authority roles of the applications.

This method has the following advantages. First, it reduces the overhead of database connections and operations: the database need only store basic information about staff, departments and basic roles. Second, it inherits the SOA mentality: application information is separated from basic user access information, and services are called only through the interface. Third, it reduces the information carried in the user's tickets and increases transmission security. Finally, it makes it more convenient for users to move from one application to another.
Keywords/Search Tags: Identity Management, Single Sign On, RBAC, CAS, JOSSO, Rule of Role Conversion