【作者】 李新华；

【导师】 邓江沙； 王如龙；

【作者基本信息】 湖南大学 ， 软件工程， 2007， 硕士

【摘要】 随着计算硬件价格的不断降低和网络技术的日益普及,现代企业拥有越来越多的各类应用系统,以完成不同的生产、管理需求,同时我们发现,这些应用系统往往相互独立,彼此很少关联,并且使用的开发平台也不统一,给用户使用带来一系列的问题,其中最主要的问题,储如:数据共享、用户身份、角色难统一,导致同一用户不得不在访问不同应用系统中进行多次身份的认证和确认。随着这些相互独立的必须的登录数量的增长,用户需要记住的用户名和密码数量也在激增。结果常常是一些不幸的用户可能把用户和密码写下来以免忘记,而在无意中引起了诸多严重的安全问题。受害的范围还可能会扩展到企业以外,商务伙伴、业界代表和客户也可能要从企业外面访问Web门户或者应用程序(一般通过Internet),而且他们也可能会被要求多次登录。用户需要一个统一的登录方案,即用户登录一次即可访问其他应用的方案——单点登录Single Sign-On (SSO)。本文从企业现有应用系统的实际情况出发,在较深入地研究了各种单点登录现有技术基础上,提出了基于IBM Domino内置的LDAP(Lightweight Directory Access Protocol)的单点登录解决方案。该方案采用已有的LDAP目录服务提供用户身份数据,分别以HTTPCookies认证、表单认证、LTPA(Lightweight Third Party Authentication)认证和基于JAAS(Java Authentication and Authorization Service)框架的认证服务提出了四种对用户进行统一认证的实现方案。并以其中的一种方案具体实现了两个应用系统间基于LDAP的单点登录。文中详细分析了实现SSO所需的关键技术和具体实现方法,最后还对该SSO方案的性能进行了讨论。该文为多应用系统的集成和身份认证提供了一种参考模式和思路。更多还原

【Abstract】 With the decreasing of computer hardware’s price and the popularity of network development,more and more modern enterprises have many kinds of IT application systems. In order to complete the demand of different production,and management. Simultaneously, we discovered that these application systems often independent, less connection,And these development platforms are not unified. These will bring series of problems for they users. Main questions, such as:data sharing and user authentication. In order to use different application system, those who have been authenticated must be authenticated for many times. Along with the growth of these independent systems,users need to remember the different user names and passwords. Frequently, In order to avoid loss,the result is some unfortunate users possibly wrote down the usernames and his passwords. Accidentally, this will cause many serious security problems. Possibly,The scope of suffering injury will expand to the enterprise outside,The business partner,the business represent and customers also possibly to visit the website or the application(via the internet). Moreover,they also possibly requested to register many times. The user needs a unified Single Sign-On system. Namely, the user sign one time and authorize to visit other applications -- Single Sign-On the (SSO).Based on many kinds of SSO (Single Sign-On) technology, this article embarks from the enterprise existing application system, provids a simple solution of SSO. This strategy uses IBM Domino LDAP(Lightweight Directory Access Protocol) service to provide the user authenticity information, and uses Http Cookies、Form、LTPA(lightweight third party authentication)、JAAS(Java Authentication and Authorization Service)as a basic authentication structure. This article provides the key technology of SSO and some useful methods to achieve SSO. At last,The article discusses the performance of the SSO system. All in all, The article has provided one kind of reference to integrate the complex IT application system and the methods of user’s identification authenticating.更多还原