| As the information technology develops fast, a number of large enterprises and government departments use the electronic systems in their work. The whole system contains many different subsystems, such as office automation system, financial management system, file management system, and information retrieval system, etc. If every system has its own login and verification mechanism, users have to use different usernames and passwords to login to the different systems in order to finish their work. The problem is that it lowers the work efficiency, and costs more. With the increasing number of the systems, users have to memorize multiple different passwords and usernames which can be easily forgot or confused. SSO is designed to solve this particular problem, and has constantly been applied to the enterprise's systems.SSO is a security communication technology to help users quickly log in multiple sites. SSO is communication protocol based on exchanging the users'information among different systems. With this property, user can log in one system and immediately gain access to all systems without being prompted to login again. It makes the users log in the whole system quickly, improves work efficiency and security. Being a protocol with abovementioned properties; and SAML 2.0 introduces several new functions in 2005, and promotes the development of SSO. The standard of SAML language and the complement of protocol promote the development of SSO and lead the SSO into a new stage. The SSO system which is implemented by SAML language has many advantages, such as unity, cross-platform, extensibility and high security.In this thesis, we briefly introduce the SSO related protocols, subjects, SAML related technologies, and the existing SAML implementations study two common SAML-based SSO models and analyze the major SAML-related open source frameworks, code structure, and the current development of Web-based SSO related technologies. The main works in this thesis are as follows:we give a secure and reliable SAML-based SSO model design by analyzing the current user demands and combining with the system required improvement. This design is primarily aimed at Web-based B/S application systems in the enterprises and provides a variety of authentication methods. We implant the SSO into the Original systems without changing them, implement the SSO inside the enterprises and simplify the process of SSO. We use the identity mapping technique in the original system, use identity federation for communication between enterprises, and expand the applicable scope of the SSO, in order to implement the identification information exchange between enterprises and their partners. We also design the framework and every functional module using the concept of object-oriented and modular designing give the flowcharts as system structure for the improved SSO model and its security mechanism, the function division and detailed design for all the parts of the system of the framework. At last, we analyze and summarize the existing framework, and test results and give suggestions for future research. |
PDF Full Text Request