Research And Implementation Of Single Sign-On System Based On LDAP

With the progress of enterprise informatization construction, and the development of Internet technology, modern enterprise with more and more kinds of application system, to complete the enterprise’s production and management requirements, and we found that the application system of independent each other, less often, and use of the associated development platform is not uniform, give users a series of problems in the same user access and in different application system authentication and the multiple identities. Along with the increase of independent application system, users need to remember the different application system of different user name and password with the increase of the number, probably in the usual use, the user will forget a username or password system, in order to prevent the user will forget, user name and password to write down before you forget it, and unintentionally caused many serious security issues. The enterprise is not affected by internal oneself, can also affect the enterprise outside business partners and customers, they may need to access from the enterprise outside the enterprise portal or through Internet application system, they entered the different application will log. Therefore, the user needs a unified, namely the login user login time to visit other applications-single sign-on.Based on the engineering background of LiaoNing province, public security and committed against enterprise single sign-on system is studied and analyzed. First, the current single sign-on model is analyzed and studied, through the comparative analysis using the Yale CAS single sign-on model, based on CAS single sign-on model of principle and process of research and analysis, found the CAS model of single point of failure exists in risk and authentication of CAS, then a single sign-on model is improved and extension. Using the load balance technique to solve the problem of single point of failure of CAS namely originally a single unified authentication server by an improved into multiple authentication server scheduling server and composed of cluster, using polling algorithm of CAS authentication server. In this model, the expanded the identity authentication, the user’s information and based LDAP storage roles. According to the original model of user access system application documents TicketRegistry is in memory of the storage, create mapping table with traffic increases greatly influenced the operation of the system, the improvement of the database by means of embedded into the store. Finally completed the single sign-on system realization, reached the user login time can access all enterprise application requirements, and the public in liaoning province in the actual project committed to engineering application.