• Journal of the China Computer Federation
  • Chinese Science and Technology Core Journal
  • Chinese Core Journal

J4 ›› 2012, Vol. 34 ›› Issue (2): 41-44.


Design and Implementation of a Ticket-Based Single Sign-On Protocol

LI Fan1,2, WANG Liuyi3

  1. (1. School of Information Engineering, Wuhan University of Technology, Wuhan 430070; 2. School of Computer Science, Chengdu University of Information Technology, Chengdu 610225; 3. R&D Center of Aostar Information Technologies Co., Ltd., Chengdu 610016, China)
  • Received: 2011-07-22 Revised: 2011-10-30 Online: 2012-02-25 Published: 2012-02-25

Abstract:

With the rapid development of enterprise informatization, enterprise information applications are being built in increasing numbers and variety. Establishing a unified identity management system that provides single sign-on among the enterprise applications is an inevitable trend and has become an important part of enterprise informatization: the user provides his or her identity information only once to the enterprise identity authentication center and can then access the different enterprise applications securely and smoothly. Because current enterprise applications already hold a large number of legacy accounts, this paper proposes a ticket-based single sign-on protocol and the design of a protocol reference implementation. The new protocol overcomes a limitation of classical ticket-based single sign-on protocols such as Kerberos, namely that they must rely on a globally unified user identifier. It makes it easier and safer to implement single sign-on for enterprise applications with a lot of legacy accounts.

Key words: single sign-on; identity authentication; access management