
PKI-Based Web Single Sign-On System Design and Realization

Posted on: 2011-10-20
Degree: Master
Type: Thesis
Country: China
Candidate: L L Xu
GTID: 2208360305494224
Subject: Information and Communication Engineering
Abstract/Summary:
Based on enterprises' functional requirements for deploying Web Single Sign-On (SSO), on Public Key Infrastructure (PKI) as an information security solution, and on an analysis of Web SSO related technology, this paper proposes a PKI-based Web Single Sign-On solution. In this solution, users log in only once and can then switch between the Web applications without constraints, safely and effectively.

The overall model design combines the advantages of the "Broker-Based Model" and the "Agent-Based Model". On one hand, the centralized authentication of the "Broker-Based Model" is applied; on the other hand, an SSO agent, which can act as a proxy for the user to complete authentication, is added to the Web application. This enhances the implementation of the SSO service. The SSO workflow design draws on the design philosophy of the Kerberos protocol: on the SSO server side, a primary ticket is generated for an authenticated user, and a service ticket is generated for the user's access to a Web application. User identity authentication uses two-way digital certificate authentication based on a USB Key, which ensures the legitimate identity of both the user and the SSO server. Moreover, the system also supports "Single sign-out": a user's logout from one application system leads to logout from all the application systems that the user has logged in to, which guarantees the consistency of the user's overall login state. The system also provides certain support for security log auditing.

Finally, based on the solution described above, a safe and efficient Web SSO system is realized on the Java EE platform and applied in a project management company of Guangzhou port.
Keywords/Search Tags:Single sign-on, Public Key Infrastructure (PKI), identity authentication, Single sign-out