Design And Implementation Of The Federation Authentication And Access System Based On Shibboleth

With the international and domestic academic exchanges become more and more frequent, more and more university teachers and students need to visit the campus information resources outside the campus. In addition, increased cooperation exchange activities between the various colleges and universities library, interlibrary loan, multidisciplinary collaboration, resource access and resource sharing and collaborative service are more necessary. In order to protect the information security and the intellectual property rights, universities are generally limited internal resources (including domestic and foreign electronic resources, information resources) only can be accessed within the scope of the campus IP. In this context, federation authentication is a fundamental problem to be solved.The research work of this thesis is one of the content of the CALIS digital library cloud service platform security sub project, based on trusted identity alliance and cloud services, which is one of the National Development and Reform Commission in 2011 national information security special projects. Through the integration of China Academic Library Information System(CALIS) Unified Authentication Cloud Center and CERNET Authentication and Resource Sharing Infrastructure(CARSI) Federation Authentication and Identity Authentication of digital resources system of academic, establish an a cross domain unified authentication mechanism. It solves the problem of federated authentication for digital resources of academic libraries and provides unified identity authentication infrastructure for resource-sharing and collaboration between academic libraries.First of all, this thesis studies technologies of off-campus access to electronic resources of academic libraries and technologies of Single Sign On, SAML, Shibboleth, CARSI authentication and CALIS unified authentication cloud center. Secondly, this thesis proposes a design of CALIS-CARSI federated authentication and access system based on Shibboleth. Then, this thesis provides the detailed design and a practical implementation guide for core modules, including federated authentication and authorization, resources remote access, user information management and access statistics management. Finally, this thesis analyzes the system core function test and system operation condition.This thesis aims to provide a more simple and more convenient off-campus access of foreign electronic resources to the user, the user may access to electronic resources protected by Shibboleth through real name authentication, without limiting by the scope of the campus IP.