
Research on SAML-Based Cross-Domain Single Sign-On and Access Control Method

Posted on: 2016-04-29
Degree: Master
Type: Thesis
Country: China
Candidate: W J Li
Full Text: PDF
GTID: 2208330461979230
Subject: Computer application technology
Abstract/Summary:
With the development of Internet technology and people's growing reliance on electronic office work and commerce, information security issues have become increasingly important. Users need to log in to many different information systems every day, and each system requires users to follow certain security policies, such as entering a user ID and password. Single sign-on means that a client user authenticates only once on the network and can then access all network resources within the authorized range on the strength of that one authentication. Cross-domain single sign-on makes interconnection between different domains possible. This study focuses on how to ensure the secure transmission of information over the Internet, how to integrate existing systems across domains, and how to make authorization decisions on users' access requests.

This paper studies the authentication and access control problems involved in cross-domain single sign-on systems. It introduces the state of research on single sign-on and access control technology, analyzes and compares the current mainstream single sign-on and access control solutions, and discusses the technical difficulties of achieving cross-domain single sign-on. It describes the technical background of the SAML (Security Assertion Markup Language) specification, SAML single sign-on, and XACML (eXtensible Access Control Markup Language); analyzes and improves the SAML single sign-on model; and combines SAML and XACML to design a new access control model. The paper proposes an integrated SAML-based cross-domain single sign-on and access control system solution designed to simplify the process by which users access resources and services outside their own domain. Compared with existing cross-domain single sign-on and access control systems, it offers high security and high efficiency.

This paper describes the design and implementation of each module of the new system. Finally, the system is tested and its security is analyzed. The innovations of this paper are reflected in the following aspects:

1. An improved SAML single sign-on model is proposed. The model changes the flow of messages exchanged between the modules of the original SAML model, so that the single sign-on process is simplified, the IDP and SP interact more efficiently, and the efficiency of the single sign-on system increases. The authentication assertion is transmitted only between the IDP and the SP, and it is signed after it is issued, which prevents attackers from tampering with the message during transmission.

2. An access control model combining SAML and XACML is proposed; access control for Web services uses both SAML and XACML together. SAML is bound to SOAP, and SOAP messages are used to request, transmit, store, and protect XACML context information.

3. A new SAML-based cross-domain single sign-on and access control system is proposed. The paper designs the system's authentication and authorization process and gives the detailed design and implementation of its three main modules. The system borrows the ticket idea from the Kerberos protocol, stores the ticket securely in a cookie to achieve secure cross-domain single sign-on, and uses SAML to exchange authentication and authorization information.
Keywords/Search Tags: Single Sign-On, Identity authentication, Access control, SAML, XACML