Research On Unified Authentication And Authorization Integration And Interoperability Technology

With the continuous improvement of enterprise information, applications based on B/S architecture have been widely applied in the enterprise. A large number of applications are deployed in enterprises, such as office automation, e-mail, human resources systems, and so on. According to their functional requirements, each application system is developed independently and formed independent authentication and authorization management system. When users access to different applications, users need to enter a different username and password to login. Authentication and authorization management of application systems depend on their own user information. This decentralized authentication and authorization mode are many drawbacks, and no longer meet the needs of rapid development of enterprises.To solve this problem, the people proposed unified authentication and authorization, and single sign-on technology. However, unified authentication and authorization, and single sign-on technology program are applied successfully. There are some key problems to be solved:How to integrate an existing application system with Identity Provider System to share authentication and authorization information. This involves the unified authentication and authorization integration and interoperability technology, it need to be addressed key issues. To solve this problem, the key technology is researched in this paper. First, Identity Provider System which supports a variety of authentication and single sign-on agreements is developed. The system provides on-line authentication, single sign-on and single logout service. Then, to achieve identity system and applications seamlessly integrated, integration component which uses filters and generation of sign-on technology is developed. Finally, cross-domain interoperability operating technology is researched. The most critical the transmission of authorize information is carried out a detailed study and gave specific solutions.This paper has the following characteristics:First, integrated component configuration is simple, easy to use. Regardless of application system uses forms authentication, integrated Windows authentication method, the apply system can be seamless integrated. Through an integrated component technology, the application system does not require to make any changes, only requires simple configuration online. It can share identity authentication and authorization information with Identity Provider System. Second, it can be cross-domain and cross-platform interoperability and integration of Identity Provider System. It is not limited to a single domain, single-platform integration, which is not only with the Identity Provider System interoperability of the J2EE platform, but also with. NET platform. Interoperability with Microsoft’s Identity Provider System which is called ADFS is researched in. NET platform. Third, Inter-domain identity mapping and attribute mapping are gave for passing authorization information to achieve cross-domain unified authorization in the cross-domain interoperability.