Design And Implement Of Single Sign-on System Based Upon Certificate

With the progress of the information construction of modern corporations, lots of Web Application Systems were explored at different stages. These systems had independent security authentication mechanism which would oblige/let users to take authentication again when visiting different applied services. This not only bothered the users but also make some potential safety hazard existing. As to it was essential to design a more efficient and protected authentication mechanism to simplify the visiting procedure of net sources, the 'single sign-on' was then generated. It gathers all the authentications together and the users could visit all the sources in the system by logging in only once.A single sign-on system was presented which is based upon certificate by analysing the realization mechanism of typical single sign-on system as well as its advantages and drawbacks at present. In this paper, it has discussed the security encryption technology, digital signature, digital certificate, SSL protocol, HTTP protocol as well as cookie technology, dissertated the minute objective of single sign-on system, the system architecture and detailed plan of authentication server in details, schemed the certificate and protocol, and established the access criteria of application system. Moreover, the single sign-on system has been anthenticated by the exploration and modification of two applicationg systems.In this system, authentication server establishes a trusting relationgship among application systems via the technology of encryption decryption and digital signature, sets up a mapping relationship referring to users' identity, roles and information of the server, makes the certificate become the carrier of the users' identity information and the visiting authorization.Thus, the authentication and authorization could be combined.Users who has obtained the certificate could visit the system directly without the authentication server, which would largely diminish the dependence on the AS(authentication server) and upgrade the stability of the single sign-on system effectively.