A Design And Implementation Of Single Sign-on System Based On The Improved RBAC Model And CAS

With the rapid development of information technology, B/S application system, which is easy to develop, to maintain, and conveniently use, has been widely used and promoted. Many application systems are needed to work cooperatively no matter in the area of education, business, finance or any other areas. These systems bring convenience as well as problems to users. Single sign-on technology come into being because of different technologies in using of different application systems. Though differences exist, each application has its own authentication module. If users want to use these systems, they must input the appropriate user's name and password as the application system, which is helpful for people to reach the purpose of logging in more than one application systems. But this approach is neither convenient for users to use nor convenient to manage the system. Single sign-on technology can achieve a function of "a single login, multiple roaming" for building applications integration platform. That is to say, users can visit other systems under the Union instead of re-login through a unified identity of authentication system.Single sign-on can do good to solve the user's trouble of re-logged ,to simplify the management of systems, and to protect the security of user's information. We find that the user's roles are various among different systems through the reach in existing single sign-on system. The result is that we need to solve the problem of the users'role conversion in different systems in the process of Single sign-on. Therefore, based on the improved RBAC model, the issue of user's role conversion among the various systems is going to be discussed in this thesis with the combination of Static strategy and dynamic strategy.Firstly, the single sign-on theory and techniques are introduced in this thesis, including single sign-on principle, information security, directory services and the relevant basic knowledge of RBAC model. Secondly, the CAS and the improved technology of RBAC model are introduced. these two parts above are the technical basis of this thesis. Thirdly, the detailed design of the system are introduced. In uniform identity authentication, the certification process and related electronic identification are designed in detail in this thesis. In the module of role conversion, the approach, which is on the basis of the combination of Static strategy and dynamic strategy, is proposed. Finally, the aim is to finish the single sign-on system and the function of role conversion of the users among systems.