基于SAML的跨域单点登录的设计与实现-《计算机技术与发展》

文章信息/Info

Author(s):: JIAO Ya-nan; HU Chun-zhi; School of Computer Science and Technology, Tianjin University

摘要:: 随着网络技术的飞速发展，基于网络平台的应用系统逐渐进入各行各业中，带来巨大收益的同时对安全性提出了更高的要求，需要保证访问其资源的用户具有合法的权限。为了适应多系统平台的发展要求，实现对登录平台的用户信息进行统一认证和管理，文中设计了一个跨域的单点登录系统（CD—SSO），它采用SAM[。断言作为安全信息定义的标准化格式，通过SOAP消息传递安全元素，利用WS—Security来保障消息的完整性和机密性。它在方便用户访问的同时提供了完善的安全服务机制，可以保证消息和服务的保密性、完整性和有效性

Abstract:: Because of the network＇ s openness, systems in the Multisystem Platform （MP） call for a higher security. To solve this problem and provide the users of MP with unified and secure access to resources,it designs a cross-domain single sign-on system （CD-SSO） , with which the users do not need to authenticate identity repeatedly during a multi-service process. It uses SAML assertions as standard- ized format for security information and sends security element through SOAP message and uses WS-Security to protect message integrity and confidentiality. It can guarantee the security while helping users visit