
Identity Access Security Centralized Management System

Posted on: 2018-01-28
Degree: Master
Type: Thesis
Country: China
Candidate: S L Zhang
GTID: 2348330563952058
Subject: Engineering

Abstract/Summary:
With the continuous advancement and deepening of enterprise informatization, information systems keep growing in scale, the number of users is rising rapidly, and security risk and management cost are increasing as well. How to effectively protect an enterprise's information assets while reducing the cost of security management has become the main difficulty that many enterprises currently face. The centralized identity authentication management system is a product designed from the viewpoint of comprehensively managing enterprise IT resources and enterprise information system users. It builds on the rich country's many years of research results in the information field to deliver an integrated, one-stop identity and access security management solution for managing and controlling users across multiple systems. It can effectively help enterprises solve the problems of identity lifecycle management, unified identity authentication, enterprise IT system integration and single sign-on, authorization and access control management, and behavior audit and responsibility identification. This dissertation takes a certain group company in China as an example and establishes for it a unified, centralized identity authentication management platform comprising an authentication subsystem, a management and authorization subsystem, a synchronization service subsystem, and a self-service subsystem. The system is developed on J2EE using SmartClient, Spring, Hibernate and other frameworks, and builds on digital certificates, cryptographic algorithms and other technologies to achieve a safe and reliable unified user identification and access management system. The system also provides an initial implementation of statistics for identity authentication, user management and other functions, which helps enterprise application system administrators manage the system better. In the authentication system, single sign-on is implemented mainly on the SAML 2.0 standard access protocol, and it supports single sign-off and USB key login. Externally, it provides a standard SSO Ticket authentication API interface. The user authorization and management system mainly uses the RBAC management model: the system is divided into multiple roles, each role represents a set of permissions, and each user can have multiple roles. The data synchronization service uses the SPML 1.0 technical standard for data synchronization. According to a pre-set synchronization strategy, the data synchronization service can propagate changes in user identity information to each business system, or distribute user identity information to a specified directory server (LDAP / AD) or a third-party database for information synchronization.
Keywords/Search Tags:SSO, SAML, SPML, CA, RBAC