Research And Implementation Of Unified Authentication Systembased On CAS And OAuth

With the continuous development of Internet technology, in order to improve the level of informationization, universities introduce more and more web sites and applications, each application generally adopt independent authentication, maintenancemany sets of credentials cause users inconvenience, but also bring hidden danger of security.Inconsistent data pose a risk to the application, at the same time the existence of multiple sets of user data has caused a great deal of data redundancy. Complex permissions module also brings difficulty for application development. In order to solve the problem, unified authentication system becomes necessary.This paper first introduces the research background and significance of the subject, introducescurrent researchof single sign-on and open licensed technology and contrast the mainstream solution about single sign on. Then in-depth study based on school-house applications’ type and user access needs,made an application integration solution with CAS(Central Authentication Service) and OAuth2.0as the core technology,namely the design and implementation of CAS and OAuth unified authentication system.design a structure made up of data layer, application layer, service layer unified authentication, access control layersaccording to the needs.System use CAS to build certification service as the core,school internal applications using Spring Security framework to achieve user authentication and user authorization in the single sign-on process.make CAS support for OAuth2.0, provides open authentication for third-party applications. The system uses RBAC model to design permissions section of the data structure,user access data and unified authentication service ticket information is stored using MongoDB to protect data sharing in the cluster environment of certification services. MongoD uses "master-slave" tyoe to protect the data security.Build information management center to achieve one-stop management of the user, resource, authority data.Build a strategy of "Internal application through a single point of entry, third-party applications through authorized log" through work above to realize the integration of application and centralized management of user information. Between applications authenticated by ticket rather than the traditional static passwords, effectively enhance the security of user account.