The Design And Implementation Of Single Sign-On For Web Application

Due to the rapid development of enterprise information technology, more and more business support systems join to enterprise services cluster of companies. With the gradually increased number of business systems, increasing systems management costs and user productivity loss and other problems are slowly exposed. To solve these problems, Single Sign-On which is a new type of enterprise business integration technology comes into the people’s horizons and quickly becomes a popular enterprise business integration solution.Firstly, based on the domestic and foreign research status and the application prospect of Single Sign-On, this paper systematically introduces the concept, the application significance and the related models and protocols of Single Sign-On technology. Meanwhile, the article also compares and analyzes the models and protocols which is be related to Single Sign-On, then this article describes their features.According to the comparing results of various single sign-on protocols, the paper chooses the Yale-CAS authentication protocol for the following exploration and research of Single Sign-On system. Firstly, the paper introduces the architecture, the authentication process and the type of tickets of the CAS protocol in detail, then it analyzes the security of the CAS protocol roundly. Secondly, based on the aforementioned theoretical knowledge, this article proposes some shortcomings when using CAS protocol in the practical application demand. These shortcomings include the difficulties of original enterprise application integration, the loss of application system access control and so on.After systematic research, the paper designs and implements a Single Sign-On system which is based on CAS protocol through importing the User-Mapping structure and reforming the workflow of CAS protocol. In addition, in order to enhance the security of this system, the paper also adds the security audit feature to the system. Finally, the test results which is obtained in a real experimental environment shows that the new Single Sign-On system can integrate the original application system into enterprise system with the fewest modification and it also can provide a more comprehensive protection for users and enterprise managers.