基于票据的跨域单点登录

摘要

针对单点登录中的跨域身份认证问题,提出了一种基于票据的解决方案,以地址重定向的方式传递加密用户登录信息,异域应用系统获取用户信息并提供数据操作服务.使用随机数字生成票据,并作为生成传统加密算法会话密钥的参数,采用现代加密算法实现异域系统之间的互信并安全传递票据,异域应用系统根据票据产生会话密钥,加密并传输用户登录信息,每次会话产生新的密钥.通过对票据产生和传输以及密钥的安全性分析,可以实现跨域单点登录的功能并保证身份认证安全可信.%To resolve the problems of cross domain identity authentication in Single Sign On (SSO), a solution based on token was proposed, which transmitted the encrypted logon information of user through URL redirection, and then the application systems in heterogeneous domains got the information and response data operation. By using random digital number as token that can act as the parameter to generate session key of traditional cryptosystem, the solution presented a method of mutual trust and security token transmission between application systems in heterogeneous domains through modem cryptosystem. In this method, the application systems generated the session key by using token and encrypt/decrypt the user information, and each communication used different session key. The security analysis of the generation and transmission of token and key shows that the solution is a secure implementation of identity authentication in cross domain SSO.