
Design And Realization Of Single Sign-on System Based On Web Service

Posted on: 2013-01-25
Degree: Master
Type: Thesis
Country: China
Candidate: B J Huang
GTID: 2248330371978148
Subject: Electronics and Communications Engineering

Abstract/Summary:
With the rapid development of information technology, the number of application systems developed by enterprises is increasing. Most application systems have their own independent authentication center, authorization mechanism and user information management strategy. As a result, users who need access to several application systems must log in multiple times, which makes it very inconvenient for them to use system resources and to manage the application systems. A single sign-on system is therefore needed to solve this problem. The main direction of single sign-on research is the single sign-on model based on the Security Assertion Markup Language (SAML); however, SAML provides no corresponding solution to its own security issues. Moreover, disadvantages of single sign-on systems such as deployment difficulties and limited extensibility restrict the development of single sign-on technology. In response to these problems, the main tasks of this thesis are as follows:

For the security problems of the SAML Browser/Artifact model, this thesis uses XML digital signature and encryption technology to sign and encrypt the SAML messages, which ensures the integrity, privacy and non-repudiation of SAML messages and effectively solves the security issues of the SAML Browser/Artifact model.

For the complexity of PKI, this thesis proposes a key management layer that combines traditional PKI with the XML Key Management Specification (XKMS) to provide the key management service. The model shields the complicated PKI grammar and provides a web service for clients to call, which effectively solves the complexity of PKI.

On the basis of an analysis and comparison of the single sign-on technologies and products that are popular at home and abroad, this dissertation presents a secure single sign-on solution based on Web Service. The proposal adopts XKMS key management services to administer keys effectively, and applies XML digital signature and XML encryption technology to guarantee the security of SAML information. It manages users’ information and application resources through LDAP (Lightweight Directory Access Protocol), and uses a SAML client to exchange information between the certification center and the subsystems. The single sign-on model implements unified identity authentication, unified management of keys and unified management of users, which meets the requirements of enterprise single sign-on.

Taking Beijing SDL Technology Co., Ltd. as an example, the dissertation analyzes the company’s personnel management system and financial management system to achieve enterprise single sign-on with regard to security, scalability, exploitativeness and reliability, and then analyzes the performance of the system.
Keywords/Search Tags: Single Sign-on, Web Service, Security Assertion Markup Language, Lightweight Directory Access Protocol, authentication