Research On Security Single Sign-on System Based On SAML And Digital Signature Envelopes

Posted on: 2014-12-17  Degree: Master  Type: Thesis
Country: China  Candidate: Y C Ma  Full Text: PDF
GTID: 2268330401470621  Subject: Computer application technology
Abstract/Summary:
With the rapid development and widespread application of computer science, information network technology has penetrated deeply into many fields of modern education. At the same time, the pace of information construction at colleges and universities keeps accelerating, and school departments have each developed their own application systems to meet the service needs of different staff on campus. However, each of these systems has its own identity authentication and authorization management mechanism, so users who want to access different application services must enter a different username, password and other information and repeat the login authentication each time. This clearly reduces users' access efficiency and brings a certain degree of security risk. A user login model is therefore needed that solves this problem and provides more efficient and more secure identity authentication and authorization management: the so-called single sign-on. In building a digital campus network, a basic task is to establish a unified identity authentication and authorization management platform, so single sign-on is a cornerstone of digital campus network construction.

This paper studies in detail the basic concepts, structure and working principles of the SAML protocol and of single sign-on, and points out the defects of the traditional single sign-on scheme and of the SOAP binding in the SAML protocol. SOAP is a protocol in which data messages are sent, received and processed through intermediaries; because it has no security mechanism of its own, it often needs to be used together with SSL. But SSL only supports point-to-point transmission, so to ensure data security in end-to-end transmission, all the intermediaries must establish a trust relationship and data link layer security.

The digital envelope uses symmetric key encryption to ensure that only a predetermined, specific recipient can decrypt the encrypted data and read the content of the communication, thereby realizing encrypted transmission of data. However, it does not guarantee that the transmitted data has not been damaged or attacked by other illegal users, whereas the digital signature uses a private key encryption mechanism to ensure the integrity of the transmitted data and that identity information cannot be denied. Finally, the paper focuses on two typical patterns for obtaining a SAML assertion, the "push pattern" and the "pull pattern", puts forward an improved scheme, and, on the basis of digital envelope and digital signature technology, designs and implements a single sign-on system based on SAML and digital envelopes with signatures.
Keywords/Search Tags: Digital Campus, Single Sign-On (SSO), SAML, Digital Envelope, Digital Signature