The Research And System Implementation Of Cross-domain Single Sign-on Model Based On SAML

Single sign-on model has released the centralized management of the application systems in the same security domain and brought great convenience to users,administrators,and developers?But the development of network information prompted a large number of enterprises emerging branches which require sharing business systems and business data synchronization.So how to realize the centralized management and convenient access of these complex applications in different security domains has become more and more important.For example,a user in A security domain wants to access applications in B security domain.Because there is no relationship of trust in different security domains,the security domain outside has to authenticate the user identity before the user access its applications.This makes the user need to remember a lot of user name and password,and it is not convenient.In order to implement Single Sign-On between different security domains,current business community and academia have their own solutions.This paper proposed Cross-Domain Single Sign-On model which is on the basis of the existing Single Sign-On models.This model is composed by security domain,gateway cluster,applications and so on.Security domain is an independent local Single Sign-On system.The gateway cluster is the core of security domain,it is based on the traditional Single Sign-On model based-on the gateway,and itself can schedule the load balancing algorithm improved in this thesis.The applications belong to different security domains,they play the role of service provider.This improved Single Sign-On model can achieve load balancing among all business gateways through its GateWay Cluster,in addition,the system has the feature of good compatibility,platform-independent,scalability,low cost and so on.This paper gives the design,implementation,the test scheme and the test results of cross-domain Single Sign-On based on SAML.The test results show that the improved Single Sign-On model and load balancing algorithm can well solve the defects of Single Sign-On model based on gateway,and this solution has certain feasibility and superiority.