Research And Implementation Of Single Sign-on System

With the continuous development of enterprise culture,the business type of the enterprise is becoming more and more diversified,need more and more applications to serve the enterprise,but each application system has its own independent authentication module,users need to provide authentication information when they log on to each application,the burden on the user increases with each passing day,the user for the convenience,often all the application system authentication information set to the same,which brings great security risks to the enterprise,the management of the enterprise has become more and more complex.The unified management of users,unified certification has become an urgent problem to be solved,so,put forward the point of view of single sign-on.This article has undergone a large number of market research and demand analysis,in the single sign-on system based on the addition of a unified authentication platform.Mainly from the unified user management,unified authorization,unified identity authentication three aspects of the single sign-on system to do a detailed analysis and design.The unified user management is based on the user information in the personnel management system,through the middleware to realize the data exchange between systems,to achieve unified management and unified authorization of user information,reduce the number of user information storage,and improve the utilization rate.Unified identity authentication module is based on the CAS single sign-on protocol,analyzes the deficiency of the CAS protocol,and put forward the improvement scheme,according to the different architecture of the application system proposed a different proxy login solution.The user logs in through the unified authentication platform,once the authentication is passed,you can access all the applications that are authorized to the user,which for the B/S architecture can not share the certificate application system introduced HttpClient,step-by-step authentication method to achieve single sign-on,the application system of C/S architecture also joined the proxy login middleware,really do application independence.In terms of security,joined the Kerberos authentication server based on CAS authentication server,which improves the security of the authentication server and the database,at the same time,the symmetric encryption algorithm is added to prevent the theft of the users and the bill information.Single sign-on system is implemented,integrates all the applications in the enterprisethe,truly "once logged in,the whole network traffic”,reducing the burden on users and administrators at the same time also improve the security of the system.With the continuous development of society,it is bound to become a trend to integrate the system of the enterprise,and the single sign-on system will become the main management software in every industry.