Analysis And Improvement Of Security Problem In SAML-SSO System

With the rapid development of Internet technology, systems we used in our daily life and work turned to be more and more. At the same time, data information also soared. How to integrate the use of information resources, simplify the system application and reduce maintenance costs gets more attention. In order to solve these problems, the first is to realize the unification of the user authentication, concentrated and efficient management the authentication information such as the user account and password. The Single sign-on (SSO) is the best solution to achieve this goal. SSO is an important part in the authentication of system. It can be achieved that user need only one authentication and he can access other trusted application systems to get the experience of "one-stop service". While users get the convenient, they also pay more attention to the safety of the SSO system. So the study on security problem of SSO system, find security vulnerabilities and to improve and prevent helps to improve the security of the SSO system. Then, it can promote the development and popularization the SSO system, which also has great importance to the network user experience with efficient and secure online application service.This paper mainly studied the following aspects of content:(1) By study the basic principle、related technology and the existing variety of implementation mechanisms involved in the SSO system, we understand the SAML-SSO have advantages such as easy extension, cross-platform, portable, convenient and simple. So, it is more in line with the requirements of the network application environment.(2) The existing SAML-SSO system can not resist replay attack、DNS spoofing attacks and DDoS attacks, through analysis these security issues, seek the ideas and methods to solve these security problems, and proposed some specific improvement scheme, including the combined dynamic and static password authentication, check the uniqueness of user and SAML assertions and some other auxiliary method.(3) By using Shibboleth open source project to build the experimental environment of SAML-SSO system and making a pressure test, verified the improved SAML-SSO system can solve the safety problems effectively, it namely that the security of SAML-SSO system has been enhanced.