
Design Based On A Single Point Of The SAML Unified Authentication And Cross-domain Logon

Posted on: 2009-10-16
Degree: Master
Type: Thesis
Country: China
Candidate: Z H Ma
Full Text: PDF
GTID: 2208360245961000
Subject: Software engineering
Abstract/Summary:
Single Sign-On (SSO) is one of the popular solutions for integrating enterprise resources. With SSO, a user who logs in once to one application in a circle of trust, an application that the other applications in the circle trust, can then access all applications in that circle. This system is based on the Liberty FF-1.2 framework for identity federation and authentication management. Building on the latest standards, such as SAML 2.0, SOAP 1.1 and WS-Security 1.1, it proposes an improved mixed pattern of the SAML push and pull models, aimed at the difficulty of communicating across heterogeneous architectures, the difficulty of migrating between different environments, and repeated logins during cross-domain access. The pattern not only simplifies the flow between the IDP and the SP, but also enhances the security of message interaction and improves the efficiency of IDP-SP interaction. An extensible platform based on an improved PAM, into which modules can be freely plugged, is put forward. It not only integrates different authentication models such as RADIUS, LDAP and Kerberos, but also provides an interface for plugging in new authentication modes. If a platform with a C/S architecture needs to be integrated into SSO, it can communicate with the unified authentication center through an agent installed on the client. Finally, after in-depth study of the Apache web server's thread scheduling, memory allocation, module management, logging mechanism and error handling, a SAML-based management platform for unified identity authentication and cross-domain SSO was implemented. It provides a more efficient, more secure, more stable and more convenient framework comprising cross-domain SSO (CDSSO), interaction with diverse authentication methods, and access for new systems.
Through unified management and control and a loosely coupled model, it fundamentally, flexibly and efficiently solves the problems of weak security protection in identity management projects, coarse-grained user authorization and access, fine-grained resource permissions, and complex interaction. It also supports deployment in different environments and provides a software architecture that can be updated and integrated. The innovations of this dissertation are as follows:
1) Proposing an improved mixed pattern of the SAML push and pull models. It not only simplifies the flow between the IDP and the SP, but also enhances the security of message interaction and improves the efficiency of IDP-SP interaction.
2) Proposing an extensible platform based on an improved PAM, into which modules can be freely plugged. It not only integrates different authentication models such as RADIUS, LDAP and Kerberos, but also provides an interface for plugging in new authentication modes.
3) Proposing an interface so that, if a platform with a C/S architecture needs to be integrated into SSO, it can communicate with the unified authentication center through an agent installed on the client.
4) Proposing a platform named XML engine, which provides a framework for security between the IDP and the SP.
Keywords/Search Tags:SAML, Single Sign On, Service Provider, Identity Provider