
Research And Application Of SAML2.0

Posted on: 2014-04-04
Degree: Master
Type: Thesis
Country: China
Candidate: Z Q Wu
GTID: 2268330398998195
Subject: Communication and Information System
Abstract/Summary:
With the continuous application of web technology, more and more universities, companies and government agencies furnish resources and services through a network; they work together more closely, and information sharing has become increasingly frequent. Each of these resource and service systems uses an independent authentication and authorization system and maintains its own security policies and user repository. Independent authentication and authorization mechanisms lead to relative isolation of business relationships; at the same time, the user is forced to log in multiple times with different usernames and passwords in different applications, which leads to an isolated user experience. The SAML2.0 protocol establishes a standard for exchanging authentication and authorization information between security domains in order to eliminate this isolated access and isolated business, so that all shared resources and public services can be accessed more securely and more easily.

This article mainly studies the application of the SAML2.0 protocol. A centralized identity authentication and authorization model is put forward. The model centrally manages user identity information and the identity authentication and authorization information of application systems, which solves the chaotic information management found under the distributed certificate authority model. In addition, the SAML2.0 protocol is used to construct an online identity system for a federated environment that uses single sign-on technology combined with unified identity authentication and authorization, which solves the problem of repeated logins when application systems collaborate. For single sign-on to be applied well by an identity service system, one obstacle must be overcome: how can existing application systems integrate with the identity service system so that authentication and authorization information is shared within the same security domain?

Moreover, multiple organizations and agencies have their own identity service systems, each forming its own security domain, and these security domains use different security protocols. How can identity authentication and authorization information be shared between multiple security domains with different security protocols? These are the key technical problems that an application of SAML2.0 must solve. This paper researches and develops SSO integration components between application systems and the identity service system, and cross-domain SSO technology among multiple identity service systems. The main technical characteristics are as follows:

(1) Integration technology: using a component development method, secure and seamless integration with application systems is realized. Without any modification to the application system, integration with the identity service system is achieved through simple configuration in a provided online interface.
(2) Cross-platform, cross-domain single sign-on (SSO): SSO is supported not only among identity service systems on the J2EE platform but also with the .NET platform.
(3) Transfer of authorization information in cross-domain SSO is a critical problem; a cross-domain identity mapping and cross-domain attribute mapping solution is put forward.
Keywords/Search Tags: SAML2.0, Single sign-on (SSO), Identity Provider System, SSO integration