
Research And Implement On Single Sign-On System Based On Dynamic Trusted Domain

Posted on: 2015-05-05
Degree: Master
Type: Thesis
Country: China
Candidate: Q Gao
GTID: 2348330518970406
Subject: Computer application technology
Abstract/Summary:
At the beginning of informatization, enterprise managers did not consider the problem of communication between subsystems. Over time, the number of information systems has grown. Users who need to work across more than one application system must set up a large number of accounts and passwords, which easily causes confusion. At the same time, frequent login operations may leak information, which creates serious hidden security risks. Currently, a single sign-on system is the most effective way to solve this problem.

The thesis focuses on the single sign-on model based on SAML. To address the problem of the reliability of the certification center server, the thesis proposes a single sign-on solution based on a dynamic trust domain, aiming to reduce the load on the authentication center. The thesis introduces the concept of a dynamic trust domain. The dynamic trust domain stores the SAML authentication assertion, which can be used the next time the user accesses the same service, thereby reducing access to the certification center. The thesis concentrates on how to design the logical structure of dynamic trust domains and how to manage them. Because insertions and deletions in the dynamic trust domain are frequent, a hash table and a doubly linked list are used to store users' authentication assertions. Considering that recently accessed services are likely to be accessed again, an algorithm for managing the dynamic trusted domain is put forward, based on the ideas of the LRU page replacement algorithm in operating systems. The algorithm effectively reduces the number of times web services access the certification center, thereby reducing the load on the authentication center.

The general structure design of the single sign-on system based on dynamic trusted domain is presented in this thesis, which also discusses the details of the design of each component. The implementation of the portal access control center and the SAML certification center, and the use of LDAP to realize unified management of user information in the single sign-on system, are discussed as well. To evaluate the difference in certification center load between the single sign-on system based on dynamic trusted domain and the single sign-on system based on SAML, and to assess the factors influencing the load, related experiments have been conducted. The analysis results show that the single sign-on system based on dynamic trusted domain reduces the load on the authentication center, which improves the efficiency of the whole single sign-on system.
Keywords/Search Tags:SSO, Dynamic Trusted Domain, SAML, LDAP, Identity Authentication
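
A minimal sketch of the store the abstract describes, a hash table plus doubly linked list with LRU replacement, counting how often the authentication center is contacted. This is an added example, not code from the thesis: the class name, the `issue` callback, the constructed 300-second validity and the expiry check before reuse are all assumptions, and `capacity` is assumed to be at least 1.

```python
import time

class _Node:                                       # doubly linked list node
    def __init__(self, key=None, assertion=None, expires=0.0):
        self.key, self.assertion, self.expires = key, assertion, expires
        self.prev = self.next = None

class DynamicTrustedDomain:
    """LRU store of assertions keyed by (user, service); hypothetical names."""
    def __init__(self, capacity, issue, clock=time.time):
        self.capacity, self.issue, self.clock = capacity, issue, clock
        self.table = {}                            # hash table: key -> list node
        self.head, self.tail = _Node(), _Node()    # sentinels; head.next is most recent
        self.head.next, self.tail.prev = self.tail, self.head
        self.center_requests = 0                   # load placed on the authentication center

    def _unlink(self, n):
        n.prev.next, n.next.prev = n.next, n.prev

    def _push_front(self, n):
        n.prev, n.next = self.head, self.head.next
        self.head.next.prev = n
        self.head.next = n

    def get_assertion(self, user, service):
        key = (user, service)
        n = self.table.get(key)
        if n is not None:
            self._unlink(n)
            if self.clock() < n.expires:           # assumed check: reuse only while valid
                self._push_front(n)                # hit: becomes most recently used
                return n.assertion
            del self.table[key]                    # expired: never serve a stale assertion
        self.center_requests += 1                  # miss: ask the authentication center
        assertion, expires = self.issue(user, service)
        if len(self.table) >= self.capacity:       # full: evict the least recently used
            lru = self.tail.prev
            self._unlink(lru)
            del self.table[lru.key]
        n = self.table[key] = _Node(key, assertion, expires)
        self._push_front(n)
        return assertion

def demo():
    now = [0.0]                                    # constructed clock, in seconds
    issue = lambda u, s: (f"assertion:{u}:{s}", now[0] + 300)   # constructed issuer
    dtd = DynamicTrustedDomain(2, issue, clock=lambda: now[0])
    for svc in ["mail", "hr", "mail", "wiki", "hr"]:            # constructed access trace
        dtd.get_assertion("alice", svc)
    return dtd.center_requests                     # 4 center requests for 5 accesses
```

In the constructed trace the second "mail" access is served from the store, while "hr" is evicted when "wiki" arrives and must be re-issued.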