
Security Solution Research in the Single Sign-On

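【Author】 Zhang Jiayou (张家友)

【Advisor】 Liu Jie (刘杰)

【Author information】 Beijing University of Posts and Telecommunications, Communication and Information Systems, 2009, Master's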

【Abstract】 As enterprise informatization advances, the number of application systems within an enterprise keeps growing. Each system usually has its own security policy, and because the systems are independent of one another, a user must log in to each application with the corresponding system identity before using it. Users must remember a username and password for every system, which increases the likelihood of mistakes and the likelihood of illegal interception and damage, so security decreases accordingly. If a user forgets a password and cannot carry out a task, the user has to ask an administrator for help and can only wait until the password is recovered, which consumes system and security-administration resources and lowers productivity. For these reasons, a demand arose in the market: based on a single authentication at the time of first accessing the network, a user should be able to access all authorized network resources seamlessly. This improves the working efficiency of network users, reduces the cost of network operations, and improves network security. Single Sign-On technology emerged as a result.

This thesis examines Single Sign-On technology, mainly studying and summarizing the system workflow and its security. In view of the characteristics of WEB-based application systems, it proposes a Single Sign-On solution based on a WEB request agent, which uses digital signatures and SSL to ensure the security of the system and uses dynamic-link library technology to improve its portability and extensibility.

The thesis first analyzes the problems faced by multi-system applications and explains the necessity and importance of Single Sign-On. It then analyzes and compares the characteristics of several Single Sign-On technologies in depth, and summarizes the advantages, disadvantages and applicable environments of each. Next, it studies other technologies related to Single Sign-On. On this basis, it presents the design and implementation of the Single Sign-On solution based on a WEB request agent. The solution encapsulates the core Single Sign-On functions in a single component and uses authentication and encryption techniques, which both ensures the security of the Single Sign-On system and fits the lightweight, easily extensible nature of WEB applications.

【Key words】 Single Sign-On; digital signature; SSL (Secure Sockets Layer); components
  • 【Classification number】TP393.08
  • 【Citation count】8
  • 【Download count】213