The Unified Authentication System Based On Security Assertion Markup Language

China Telecom's current Channel systems such as online business, Wap business hall, 10000 Number, self-service terminals and so on exist in various forms of certification systems: there are based on customer identification and password,based on product identification and product password,based on account. Because of the complex and various authentication ways, First, it is bad for the operation experience of the customer.Second, China Telecom's present certification data are mostly distributed within the core support system, Objectively, which makes the core support system such as the telecom CRM system, billing and accounting system need to complete in addition to business operation support functions, they also need to provide the certification services of the entity such as customers, account, products and so on for the channel systems, so as to increase the burden of core support system.China telecom is integration of value-added service business resources through the gateway website to provide a unified business presentation and business using channel for the telecom customers. The unified portal can promote the business integration, and gradually it is developed into a customer comprehensive service portal for customer service, business propaganda and product use. Which can solve the problem that the users need memory excepting accounts and passwords of a variety of channels systems and also need to memory accounts and passwords of the multifarious value-added business.The project researches unified authentication system which is established for China telecom customers (hereinafter referred to as "unified the authentication system"). According to the present situation of the China telecom channel systems and value-added service systems, the mechanism using the server-side to save Token based on Security assertions Markup Language (SAML, Security Assertion Markup Language) specification is proposed to achieve a unified authentication system. The project researches the principles and implementation of the generation, maintenance and cancellation of the server-side token such acts, as well as the principles and implementation of encryption, transmission and interaction of critical information (Ticket) between server-side and browser-side. Through the research and practice, programming China telecom unified authentication system, making good use of telecommunications customer operating experience.