随着企业信息化建设的发展,企业信息应用系统的种类、数量越来越多,建立统一的身份认证管理机制,用户只需向身份认证中心提供一次身份信息,便可安全、平滑地访问不同应用系统,即实现单点登录,成为企业信息化建设的重要内容.根据当前企业信息应用系统已具有大量历史遗留帐号的实际情况,本文给出了一种基于票据的单点登录协议,对传统的基于票据的单点登录协议必须依赖全局统一用户身份标识的局限性进行改进,通过该协议能够简单、安全地实现对具有大量历史遗留帐号的应用系统的单点登录集成.%With the rapid development of the enterprise informatization construction, the enterprise information applications are built in increasing numbers. It is an inevitable trend to establish a unified I-dentity management system to provide single sign-on among the enterprise applications. The user is able to access different enterprise applications securely and smoothly by providing his or her identity information only once in enterprise identity authentication center. In this paper, a ticket-based single sign-on protocol and the design of a protocol reference implementation are proposed. The new protocol improves the limitation of the classical ticket-based single sign-on protocol such as Kerberos. It is easier and safer to implement single sign-on for enterprise applications with a lot of legacy accounts.
展开▼
