摘要
介绍了一种基于Web的单点登录实现方法,解决同一用户登录不同Web应用系统需要进行多次独立身份认证问题,详细讨论了单点登录系统中后台数据组织、存储安全性以及代理认证服务处理逻辑。同时,就服务通信安全与服务响应时间之间的矛盾问题提出了一种解决的方法。Web代理采用浏览器插件方式,截获用户第一次登录某个Web应用时的post数据,并将其存入数据库,用户在以后登录这个Web应用系统时自动提取数据库中post数据,省去了用户手动进行身份认证的过程,实现了统一身份认证。
A Web-based approach to single sign-on is described to solve the problem of separate identity authorization when a user logs in different Web application systems. Back end data structure and storage security issue of single sign-on system are gone into, and the processing logic of authorization proxy server is discussed as well. At the same time an approach is proposed to solve the contradiction between service communication security and service response time. IE plug-in is applied to capture user's post data of first sign-on, and store the data. When the user logs in the Web application system again, the user's post data is distilled automatically from database, which eliminates manual identity authorization. Thus, unified identity authorization is realized.
出处
《计算机应用与软件》
CSCD
北大核心
2007年第11期147-149,197,共4页
Computer Applications and Software
