Research And Implementation Of CAS-based Cross-domain Web Applications Single Sign On

In a specific network,there is running a large number of Web applications,we access these Web applications frequently.Such as resources-sharing system,OA system,training system in a company.It is very inconvenient for the users to use the Web applications because they require authentication first;Users often use simple passwords,which also caused a safety hazard.To solve these problems,the better way is to add a unified authentication mechanisms to the Web applications,achieve single sign-on and establish mutual trust mechanism between the Web applications,users can simply use one password and login once to access all Web applications.When analysis Web applications single sign-on requirements,we can find there are some problems need to be solved in Web applications single sign-on integration:users management system,Web applications access control,the reform of Web applications for single sign-on,with the popular of mobile Internet,how to make WeChat users login single sign-on system directly.This paper aims at the above problems,study CAS(Central Authentication Service)single sign-on technology,design and implement a Web-based multi-service applications SSO system,in addition to the achievement of the Web applications single sign-on,the paper also finishs the following:(1)Unified users management.The whole system only has one source of user information,which stores the user's basic information,the user of other Web applications should be synchronized to the source.(2)Access control in two levels.Single sign-on system control user's access in application-level,for unauthorized users,even if already login single sign-on system,Web applications can also deny access request.For internal permissions in every Web application,each Web application individually controlled.(3)The user application platform.The platform is a portal system for single sign-on system in the entire Web application,the user can see their access list,the administrator can assign user access to Web applications in the system.(4)Web application single sign-on reform,using the original application interface for automatic login,automatic register.With smallest modification to the original Web applications,Web applications will be run stable.(5)Extend the CAS certification process.Enable CAS integrating with the WeChat certification,achieving the goal of WeChat users login CAS directly.