| On the basis of analysis of advantages and shortcomings of applied Single sign-on system models that are popular in home and foreign countries, this article introduces a Single sing-on system that is more appropriate to different environments in enterprises.This system combines two of Single sign-on models - "Broker Based Model" and "Agent Based Model", making sure the high adaptability of system. LDAP is used to store the user information, to manage all users' authentication and authorization. Two-factor authentication is used as the strong authentication method, to protect users' identity. There is also the audit server in the Single sign-on system to record every operation of system.The Single sign-on system makes use of GSS-API (Generic Security Service Application Programming Interface). The GSS-API is the interface of the Single sign-on platform, so other systems could join the Single sign-on platform through the GSS-API. The standardization of interface improves the adaptability of this system.This article describes every detail of these technologies and the procedure. In the third part even each functions of GSS-API is described clearly. At the end of article there are the characteristics of the system - adaptability, extension, security, easy to management.The Single sign-on topic, mentioned in this article, comes from the cooperation with internet Security Corporation. |
PDF Full Text Request