The Design and Implementation of Multi-Domain Single Sign-On System

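【Author】 刘润峰 (Liu Runfeng)

【Supervisor】 马严 (Ma Yan)

【Author information】 Beijing University of Posts and Telecommunications (北京邮电大学), Computer Application Technology, 2007, Master's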

【Abstract】 Single sign-on (SSO) technology occupies a very important position in enterprise informatization. Faced with a growing number of enterprise application systems, SSO not only improves the overall security of enterprise systems but also speeds up system access for staff and users, greatly improving work efficiency. This thesis studies existing SSO technology in depth and examines the various SSO implementation models. After reviewing a range of domestic and international SSO systems and products, it proposes the concept of multi-domain single sign-on (MSSO) and designs and implements a prototype system.

MSSO links multiple SSO systems into one large network of SSO systems, in which users can sign on once not only within a single SSO system but also across different systems. Each SSO system in this network is called a single sign-on domain, which is the notion of "domain" in MSSO. A traditional SSO system generally consists of two parts, an authentication server and an authentication proxy. To realize the multi-domain idea, this system adds an SSO registration center module, so the final system consists of three modules: the SSO registration center, the domain authentication server, and the authentication proxy. The SSO registration center stores and relays the domain authentication server information of each SSO domain and is the upper-level coordination module of the MSSO system. The domain authentication server module functions much like the authentication server module of a traditional SSO system, with additional functions for the multi-domain environment. The authentication proxy module protects Web applications that can be accessed only after authentication.

The thesis first introduces the concept of SSO and the current state of SSO technology. It then introduces the technologies involved in implementing SSO, including security and encryption techniques, the SSL and HTTPS protocols, and session technology. Next it discusses in detail the design goals, system architecture and working principles of the MSSO system, along with its implementation and deployment. Finally, it discusses goals for further research.

  • 【Classification No.】 TP311.52
  • 【Times cited】 11
  • 【Downloads】 464