面向服务的高可用细粒度的身份认证平台实现

Implementation of Service-oriented High Availability and Fine-grained Authentication Platform

随着师生信息化素养的提升,高校信息化管理系统加剧增多,但各系统割裂,线上互联互通较少,尤其系统登录认证模块用户名和密码千差万别,为师生学习生活增加了很多困惑。本文首先分析了数字化校园建设中身份认证平台使用现状和面临问题,结合以用户为中心的标签分类理念,设计了基于CAS机制的面向服务的细粒度身份认证登录模型,利用负载均衡和服务器互备提高服务的可用性,并且通过加入多源联合登录和短信认证登录,解决了访问控制、身份管理、统一授权、安全审计四个方面存在的安全和管理难题,实现了面向服务的高可用细粒度身份认证平台。

With the improvement of the information literacy of teachers and students, the information management system in Colleges and universities is increasing, but each system is separated, and the online connectivity is less, especially the user name and password of the system login authentication module are very different, which adds a lot of confusion to the study and life of teachers and students. Firstly, this paper analyzes the current situation and problems of identity authentication platform in the construction of digital campus, designs a service-oriented fine-grained identity authentication login model based on CAS mechanism, using load balancing and server mutual backup to improve the service availability, and solves the problems by joining multi-source joint login and SMS authentication login. The security and management problems of access control, identity management, unified authorization and security audit are discussed, and a service-oriented high availability fine-grained identity authentication platform is realized.