| At present, users usually need to access many applications. Due to applications authenticate user by themselves, users must offer the authentication information when access the applications, this is very inconvenient for users; every application needs to develop the authentication model and to maintain the user information, so the cost of development and administration will increase.Single Sign-On (SSO) is born for solving above problems. It means the user only need to login successfully once when first access the resource, then can access all the resources without re-authentication. It is an efficient and secure authentication solution for portal system. So it is essential to build a secure enterprise SSO system. In order to increase the security of the system, it need access control when authenticating user. This thesis researches the fusion of open source SSO and Role Based Access Control (RBAC), and the key technology of the SSO.The thesis discusses the architecture and authentication process of CAS, and by extending the CAS, adds the mechanism of coarse-grained access control to CAS, proposes the new model of SSO which is the fusion of RBAC and CAS. The new SSO can be used not only for authentication, but also for authorization, which increases availability and security of the system. The thesis researches the key technologies of the SSO, and proposes the feasible Solutions for realizing availability, security and multilevel proxy of the SSO. |
PDF Full Text Request