
Research On Single Sign-on Security Model Based On SAML

Posted on: 2011-02-07
Degree: Master
Type: Thesis
Country: China
Candidate: Z T Cao
Full Text: PDF
GTID: 2178360308958725
Subject: Computer system architecture
Abstract/Summary:
The principle of single sign-on is that a user signs on once and then has unrestricted access to all mutually trusting applications. Because web services involve the coordination of many sites belonging to different domains, they raise the problems of coordinated cross-domain identification and secure message transport. Cross-domain single sign-on based on a unified standard, SAML, has therefore become a focus of research in the security field.

The advantages and disadvantages of current single sign-on solutions are analyzed in great detail. Although single sign-on can provide joint identification between many sites in a single domain, problems remain, such as the lack of uniform standards, an overly complicated flow and security deficiencies, to name just a few. The thesis presents a Secure Remote Password (SRP) authentication strategy based on SOAP message extension, a message security strategy based on SAML, and a single sign-on security model based on SAML. The model has been implemented in the Chongqing University Digital Campus. The main work is described as follows:

First, to address the lack of an effective authentication mechanism in current SAML-based single sign-on, the thesis presents an SRP authentication strategy based on SOAP message extension, building on the extension of SOAP and the strengths of SRP. The strategy can ensure the security of the password and the authentication assertion even when the password is weak.

Second, to address the vulnerability of the current SAML message mechanism and the shortcomings of transport-layer protection, the thesis puts forward a message security strategy based on SAML and summarizes its resistance to attacks. The strategy can guarantee the security of information during the entire transmission period, which meets the requirements for securing information across nodes and across domains in Web services.

Third, to address the complex security message exchange flow and the lack of security and flexibility in the current SAML-based single sign-on model, a single sign-on security model based on SAML is presented on the basis of the two strategies above. The model is characterized by simple flows, fewer messages, and flexible configuration.

Finally, the single sign-on security model based on SAML is designed and implemented. The results of functional and security tests indicate that, compared with the previous model, this model better enhances the security of the single sign-on system.
Keywords/Search Tags: Single Sign-On, Security Assertion Markup Language, Secure Remote Password, Message Security, Token