Research And Application Of A Distributed Cross-Domain Single Sign-On Model

With the development of internet and the popularity of network application, enterprise informatization has been deepened level by level. Companiesand government have begun to work with information systems, such asOffice Automation system (OA), financial management systems, file management systems, project management systems and some specialized information systems. However, because of the increase of these systems, people have to memorize more user names and passwords. Using the same password to every systemmay bring about potential information security risk. Therefore, the usage of the single sign-on with unified user management seems to be clear.Single sign-on (SSO) technology is a solution of accessing different systems with one single login. People can acquire authorized resources without another user authenification. With the continuousimprovement of network technology, there have been respectable mature single sign-on solutions at present. Some are open source solutions, which are convenient to use and free to acquire. Others are for commercial use, which have good user experience and high level of security. However, In order to meet the different needs of enterprises, a variety of network architecture has to be customized according to their business conditions, whether it is a solution of open source or commercial usage. In the case of the aviation manufacturing industry in china, it started relatively late. Users may focus on different contents of these stages.As a result, all these information systemsshould be cross-major and cross-function and multiple environment coordination. It is an essential issue for this project that how to integrateenterpriseresources by using the optimized plan and realize the unified user management and SSO, especially when many distributed application systems have been established. Therefore, implementing a single sign-on and unified user management is facing great challenge.SSO and the unified user management of the aviation design and manufacture industry are mainly discussed.The paper studied the status of the SSO technology at home and abroad,the current mature commercial products on the market, and compared their advantages and disadvantagesin order to find a common solution as a reference for other industries’informarization.Moreover, this paper studied the related technical principles, including the single sign-on technology, principle, and the concept of distributed cross-domain access. All these work was for the solution of research target and technical preparation for distributed cross-domain SSO module design.The main content of this paper is as following:Firstly,Toanalysis the current status of aviation design and manufacturing industry,the system requirements are, to achieve a single sign-on with unified user management with the available resource, to improve the user experience and to ensure the data security.Second,UsingUnified Modeling Language (UML)to set up model in terms of business model, system requirements and system architecture. To extract distributed cross-domain SSO model, and propose the target of this model:Integrating the existing application system, to achieve SSO with unified user management in a heterogeneous, cross-domain environmentwith the minimum cost.Thirdly,to achieve cross-domain single sign-on and unified identity authentication with IBM Tivoli Access Manager, implement mutual trust between certification centers,to solve the synchronization problem of organization and user information among multiple authentication centers, and between application systems and certification center. According to the requirements of the model design, the organization and user management, user information synchronization should be designed in detail, and its functions should be realized by coding with the technique of Web Services.Implementation by selecting a business system to validate the validity and feasibility of the model in this study. Includes user information management, identity authentication and SSO, user data synchronization, etc. To conduct the function and performance test by using the simulation of the organization and user information deletion operation. Also, whether thetiming synchronization or the real time synchronizationcan be verified. In the case of the number of concurrent users is below two hundred, and CPU usage is less than 70%.Test results show that the performance and function of the system can meet the users’requirements. In the process of system running, it shows good security and stability, and it improved customer satisfaction. It indicates that the distributed cross-domain single sign-on model design in aviation manufacturing industry for realizing unified user management and single sign-on is applicable.